Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 218 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 81 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE 12c : NodeManager fails to strat with "Key store identity alias does not contain a certificate
Hello,
We are following the Doc ID 2188982.1 in order to configure SSL communication OBIEE 12c but when attempting to start the NodeManger, it doesnt start, the log show the following error :
<23 déc. 2019 10 h 31 CET> <INFO> <Loading domains file: 
\APPS\Oracle\OBIEE_HYBDXX02\user_projects\domains\hybdxx02_bifoundation_domain\nodemanager\nodemanager.domains>
<23 déc. 2019 10 h 31 CET> <INFO> <Loading identity key store: FileName=D:\APPS\Oracle\OBIEE_HYBDXX02\ssl\int1_answers_caa_group_gca.jks, Type=jks, PassPhraseUsed=false>
<23 déc. 2019 10 h 31 CET> <SEVERE> <Fatal error in NodeManager server>
- weblogic.nodemanager.common.ConfigException: Key store identity alias does not contain a certificate chain: int1_answers_caa_group_gca
at weblogic.nodemanager.server.SSLConfig.loadKeyStoreConfig(SSLConfig.java:239)
at weblogic.nodemanager.server.SSLConfig.access$000(SSLConfig.java:33)
Could you please help us to fix this issue ?
Thank you in advance for your help
Answers
-
Did you check whether "int1_answers_caa_group_gca.jks" really contains a key? And is it called "int1_answers_caa_group_gca" as the alias?
0 -
Yes the "int1_answers_caa_group_gca.jks" contains already a key, see Bellow
keytool -list -keystore int1_answers_caa_group_gca.jks
Keystore type: PKCS12
Keystore provider: SUNYour keystore contains 3 entries
int1_answers_caa_group_gca, 20 déc. 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): DE:19:46:7C:F0:7E:B1:56:79:E6:C8:1C:AC:3C:42:7D:DD:0F:30:DF
mycacert, 23 déc. 2019, trustedCertEntry,
Certificate fingerprint (SHA1): C3:A1:92:0A:24:2E:3E:6B:68:A4:23:C4:8B:20:A1:73:45:1E:91:6F
interca, 23 déc. 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 68:1A:0F:7D:0A:C4:A2:E7:6A:B0:8C:06:EB:B5:7E:CA:3B:2A:D3:40Thank you for your reply
0 -
Does it contain the chain up to the root? Impossible to sy with just the fingerprint.
Impossible to say with just a -list without -v.
0 -
Yes
keytool -list -v -keystore int1_answers_caa_group_gca.jks
Enter keystore password:
Keystore type: jks
Keystore provider: SUNYour keystore contains 1 entry
Alias name: int1_answers_caa_group_gca
Creation date: 23 déc. 2019
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=int1_ans......, OU=ca, OU=....., OU=Private Group PKI, O=...., C=....
Issuer: CN=....., OU=0002 784608416, OU=Private Group PKI, O=......, C=...
Serial number: b90d1172ad11408caefd473f
Valid from: Thu Dec 05 15:31:54 CET 2019 until: Mon Dec 04 15:32:54 CET 2023
Certificate fingerprints:
MD5: E9:07:17:87:E1:F9:6E:B0:EB:8E:CA:C9:AD:1C:D7:3F
SHA1: DE:19:46:7C:F0:7E:B1:56:79:E6:C8:1C:AC:3C:42:7D:DD:0F:30:DF
SHA256: CC:2E:F7:4F:4C:33:6B:B6:6F:2F:7F:38:55:70:D0:C1:47:13:D5:5E:D8:DE:F6:E7:1A:3F:E2:39:AA:B6:A3:F7
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName:
,
accessMethod: ocsp
accessLocation: URIName:
]
]#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 94 F9 7A 6B CB 4F 97 63 61 81 05 23 6A C8 19 2F ..zk.O.ca..#j../
0010: BE 0B 79 EC ..y.
]
]#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ]
]]#4: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.2.250.1.316.1.1.6.1]
[] ]
]#5: ObjectId: 2.5.29.37 Criticality=true
ExtendedKeyUsages [
clientAuth
serverAuth
]#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: int1.answers.caa.group.gca
]#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 17 2B 2B 38 0C 3C 3D 86 A5 AF 22 79 B4 57 69 ..++8.<=..."y.Wi
0010: B7 D1 48 F5 ..H.
]
]Certificate[2]:
Owner: CN=CA ...., OU=0002 784608416, OU=Private Group PKI, O=...., C=FR
Issuer: CN=RCA ....., OU=0002 784608416, OU=Private Group PKI, O=...., C=FR
Serial number: 1120b61e37c12e9c8d5a9f77552e810db73c
Valid from: Tue Feb 24 01:00:00 CET 2015 until: Wed Feb 24 01:00:00 CET 2027
Certificate fingerprints:
MD5: 99:4F:10:19:99:C3:B5:36:35:E0:D5:CE:3F:51:5C:9A
SHA1: 68:1A:0F:7D:0A:C4:A2:E7:6A:B0:8C:06:EB:B5:7E:CA:3B:2A:D3:40
SHA256: 1D:C5:2B:42:9B:E1:C6:66:44:E6:C4:DC:71:2E:99:DA:B7:B7:F7:10:F5:E3:B0:CE:D8:04:AC:94:B9:E8:FA:46
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FD 82 8C 94 B2 AD F3 DD 85 21 5A 79 05 86 CF 77 .........!Zy...w
0010: 85 65 2F 63 .e/c
]
]#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ]
]]#4: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[] ]
]#5: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 94 F9 7A 6B CB 4F 97 63 61 81 05 23 6A C8 19 2F ..zk.O.ca..#j../
0010: BE 0B 79 EC ..y.
]
]Certificate[3]:
Owner: CN=RCA , OU=0002 784608416, OU=Private Group PKI, O=...., C=...
Issuer: CN=RCA .... , OU=0002 784608416, OU=Private Group PKI, O=....., C=...
Serial number: 11200e177bff2b10aeb99cd9a59347a3b397
Valid from: Tue Feb 24 01:00:00 CET 2015 until: Fri Feb 24 01:00:00 CET 2045
Certificate fingerprints:
MD5: 2B:E4:CB:46:8F:CE:54:5C:DC:54:8D:01:7A:76:5D:A9
SHA1: C3:A1:92:0A:24:2E:3E:6B:68:A4:23:C4:8B:20:A1:73:45:1E:91:6F
SHA256: 58:1C:84:90:0D:1B:F4:4C:B2:7A:B2:8E:ED:79:39:D7:36:B0:85:73:D2:76:C2:84:23:7C:61:63:6D:8E:F9:D5
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FD 82 8C 94 B2 AD F3 DD 85 21 5A 79 05 86 CF 77 .........!Zy...w
0010: 85 65 2F 63 .e/c
]
]#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FD 82 8C 94 B2 AD F3 DD 85 21 5A 79 05 86 CF 77 .........!Zy...w
0010: 85 65 2F 63 .e/c
]
]*******************************************
*******************************************Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore int1_answers_caa_group_gca.jks -destkeystore int1_answers_caa_group_gca.jks -deststoretype pkcs12".0 -
Did you get a fix for this issue?
0