2 Replies Latest reply on Feb 22, 2012 7:56 PM by 914147

    OIF 11g - Error after renewing signing certficate

      I had to renew the signing certificate for OIF 11g ( , which was about to expire. It was a straight forward rewal, where I used ewallet.p12 file from OWM and updated in OIF (under security and trust menu). I removed the old wallet and did a update with the new one. The password to the wallet and private key are all the same. Server comes up fine, but while testing IdP site, I keep getting this error:

      WatchData: DATE = Dec 14, 2011 4:23:30 PM CST SERVER = wls_oif1 MESSAGE = [ServletContext@191623398[app:OIF module:/fed path:/fed spec-version:2.5 version:11
      .]] Servlet failed with Exception
      java.lang.RuntimeException: The server could not initialize properly: oracle.security.fed.sec.util.KeySourceException: No private key found in the PKCS#12 Wa
      llet for alias: OIF
      at oracle.security.fed.controller.web.servlet.AbstractFedServlet.initApplicationController(Unknown Source)
      at oracle.security.fed.controller.web.servlet.AbstractFedServlet.getApplicationController(Unknown Source)

      Has anybody faced this issue during certificate renewal. Please help.

        • 1. Re: OIF 11g - Error after renewing signing certficate
          Resolved the issue. For some reason it doesn't like using the same signing certifcate alias name. I updated the cert again without alias and it worked and also removed the old wallet.

          • 2. Re: OIF 11g - Error after renewing signing certficate

            Can you provide some detail on setting up the signing cert for your OIF instance? I can't figure out which wallet. I have a couple of wallets on my system:


            The password I used during my install doesn't work for either of these. I want to use my own private key to sign these certs, but I'm not sure where to add it. I tried creating a JKS store and switching to JKS in the OIF admin in /em, but it wouldn't accept my JKS.