Identity key store file not found in Weblogic

March 5, 2021
()


Identity key store file not found weblogic.nodemanager.common.ConfigException

In this post, we are going to demonstrate how to fix the issue of Identity key store file not found weblogic.nodemanager.common.ConfigException. When we tried to start node manager, we encounter the below error.

[oracle@DBsGuru bin]$ ./startNodeManager.sh
NODEMGR_HOME is already set to /u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager
CLASSPATH=/u02/JAVA/latest/lib/tools.jar:/u01/app/oracle/Middleware/wlserver/server/lib/weblogic.jar:/u01/app/oracle/Middleware/wlserver/../oracle_common/modules/thirdparty/ant-contrib-1.0b3.jar:/u01/app/oracle/Middleware/wlserver/modules/features/oracle.wls.common.nodemanager.jar::/u01/app/oracle/Middleware/wlserver/..:/u01/app/oracle/Middleware/wlserver/modules/features/oracle.wls.common.grizzly.jar
+ /u02/JAVA/jdk1.8_271/bin/java -server -Xms32m -Xmx200m -Djdk.tls.ephemeralDHKeySize=2048 -Dcoherence.home=/u01/app/oracle/Middleware/wlserver/../coherence -Dbea.home=/u01/app/oracle/Middleware/wlserver/.. -Dweblogic.RootDirectory=/u01/app/oracle/Middleware/user_projects/domains/base_domain -Djava.system.class.loader=com.oracle.classloader.weblogic.LaunchClassLoader -Djava.security.policy=/u01/app/oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/u02/JAVA/latest weblogic.NodeManager -v
<Feb 12, 2021 11:07:05 AM EST> <INFO> <Loading domains file: /u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager/nodemanager.domains>
<Feb 12, 2021 11:07:05 AM EST> <INFO> <Loading identity key store: FileName=/u01/app/oracle/Middleware/user_projects/domains/base_domain/security/DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
<Feb 12, 2021 11:07:05 AM EST> <SEVERE> <Fatal error in NodeManager server>
weblogic.nodemanager.common.ConfigException: Identity key store file not found: /u01/app/oracle/Middleware/user_projects/domains/base_domain/security/DemoIdentity.jks
        at weblogic.nodemanager.server.SSLConfig.loadKeyStoreConfig(SSLConfig.java:225)
        at weblogic.nodemanager.server.SSLConfig.access$000(SSLConfig.java:33)
        at weblogic.nodemanager.server.SSLConfig$1.run(SSLConfig.java:118)
        at java.security.AccessController.doPrivileged(Native Method)
        at weblogic.nodemanager.server.SSLConfig.<init>(SSLConfig.java:115)
        at weblogic.nodemanager.server.NMServer.<init>(NMServer.java:169)
        at weblogic.nodemanager.server.NMServer.getInstance(NMServer.java:134)
        at weblogic.nodemanager.server.NMServer.main(NMServer.java:589)
        at weblogic.NodeManager.main(NodeManager.java:31)

+ status=1
+ set +x
/u01/app/oracle/Middleware/user_projects/domains/base_domain/bin

The cause of this issue is because the DemoIdentity.jks is not generated at the time of the configuration steps.

Below are the steps to resolve this issue.


1. Export Class Path.

[oracle@DBsGuru bin]$ export CLASSPATH=$CLASSPATH:$MW_HOME/wlserver/server/lib/weblogic.jar


2. Goto $DOMIN_HOME/security
your DemoIdentity.jks file must reside inside the below location.

[oracle@DBsGuru base_domain]$ cd security/
[oracle@DBsGuru1 security]$ ls -lrt
total 44
-rw-r----- 1 oracle oracle    64 Feb 10 12:30 SerializedSystemIni.dat
-rw-r----- 1 oracle oracle 31790 Feb 10 12:30 XACMLRoleMapperInit.ldift
-rw-r----- 1 oracle oracle  2822 Feb 10 12:30 DefaultRoleMapperInit.ldift
-rw-r----- 1 oracle oracle  3321 Feb 10 12:33 DefaultAuthenticatorInit.ldift


3. create DemoIdentity.jks

In this step we are going to generate DemoIdentity.jks file manually.

[oracle@DBsGuru security]$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 2048 -noskid
Generating a certificate with common name RVCCMCUSELFSERV01.raritanval.edu and key strength 2048
issued by CA with certificate from /u01/app/oracle/Middleware/wlserver/server/lib/CertGenCA.der file and key from /u01/app/oracle/Middleware/wlserver/server/lib/CertGenCAKey.der file


4. Import certificate.

Here, we have to import the certificate.

[oracle@DBsGuru security]$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
<Feb 12, 2021 11:11:34 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 12, 2021 11:11:34 AM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>

Imported private key demokey.pem and certificate democert.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity


5. Start Node manager.

After creating DemoIdentity.jks, Now we are going to start node manager.

[oracle@DBsGuru bin]$ pwd
/u01/app/oracle/Middleware/user_projects/domains/base_domain/bin
[oracle@DBsGuru bin]$ ./startNodeManager.sh

This document is only for learning purpose and always validate in the LAB environment first before applying in the LIVE environment.


Hope so you like this article!
Please share your valuable feedback/comments/subscribe and follow us below and don’t forget to click on the bell icon to get the most recent update. Click here to understand more about our pursuit.

Loading

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

DBsGuru

🌐

<strong>Hello and welcome to DBsGuru,</strong>DBsGuru is a group of experienced DBA professionals and serves databases and their related community by providing technical blogs, projects, training. Technical blogs are the source of vast information not about databases but its related product like middleware, PL/SQL, replication methodology, and so on.Thanks for the visits!<strong>Share Learn Grow!</strong>

1 Comments

  • hello I am in the same predicament butmy weblogic is residing in a different machine that will have a manged server of a cluster so i did not create a domain. (did not run the config script)

    I installed base weblogic binaries on machine2
    machine1 runs domain, cluster1, admin server, nodemanager, managedserver1
    machine2 managedserver2

    Machine2 will be part of cluster1 and will run managedservef2 part of cluster1

    Do I need to run the config script? I want only one domain.

    Cheers

    Nick

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *