Identity key store file not found weblogic.nodemanager.common.ConfigException
In this post, we demonstrate how to fix the "Identity key store file not found" weblogic.nodemanager.common.ConfigException. When we tried to start Node Manager, we encountered the error below.
[oracle@DBsGuru bin]$ ./startNodeManager.sh
NODEMGR_HOME is already set to /u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager
CLASSPATH=/u02/JAVA/latest/lib/tools.jar:/u01/app/oracle/Middleware/wlserver/server/lib/weblogic.jar:/u01/app/oracle/Middleware/wlserver/../oracle_common/modules/thirdparty/ant-contrib-1.0b3.jar:/u01/app/oracle/Middleware/wlserver/modules/features/oracle.wls.common.nodemanager.jar::/u01/app/oracle/Middleware/wlserver/..:/u01/app/oracle/Middleware/wlserver/modules/features/oracle.wls.common.grizzly.jar
+ /u02/JAVA/jdk1.8_271/bin/java -server -Xms32m -Xmx200m -Djdk.tls.ephemeralDHKeySize=2048 -Dcoherence.home=/u01/app/oracle/Middleware/wlserver/../coherence -Dbea.home=/u01/app/oracle/Middleware/wlserver/.. -Dweblogic.RootDirectory=/u01/app/oracle/Middleware/user_projects/domains/base_domain -Djava.system.class.loader=com.oracle.classloader.weblogic.LaunchClassLoader -Djava.security.policy=/u01/app/oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/u02/JAVA/latest weblogic.NodeManager -v
<Feb 12, 2021 11:07:05 AM EST> <INFO> <Loading domains file: /u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager/nodemanager.domains>
<Feb 12, 2021 11:07:05 AM EST> <INFO> <Loading identity key store: FileName=/u01/app/oracle/Middleware/user_projects/domains/base_domain/security/DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
<Feb 12, 2021 11:07:05 AM EST> <SEVERE> <Fatal error in NodeManager server>
weblogic.nodemanager.common.ConfigException: Identity key store file not found: /u01/app/oracle/Middleware/user_projects/domains/base_domain/security/DemoIdentity.jks
at weblogic.nodemanager.server.SSLConfig.loadKeyStoreConfig(SSLConfig.java:225)
at weblogic.nodemanager.server.SSLConfig.access$000(SSLConfig.java:33)
at weblogic.nodemanager.server.SSLConfig$1.run(SSLConfig.java:118)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.nodemanager.server.SSLConfig.<init>(SSLConfig.java:115)
at weblogic.nodemanager.server.NMServer.<init>(NMServer.java:169)
at weblogic.nodemanager.server.NMServer.getInstance(NMServer.java:134)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:589)
at weblogic.NodeManager.main(NodeManager.java:31)
+ status=1
+ set +x
/u01/app/oracle/Middleware/user_projects/domains/base_domain/bin
The cause of this issue is that DemoIdentity.jks was not generated during the configuration steps.
Below are the steps to resolve this issue.
1. Export Class Path.
[oracle@DBsGuru bin]$ export CLASSPATH=$CLASSPATH:$MW_HOME/wlserver/server/lib/weblogic.jar
2. Go to $DOMAIN_HOME/security
The DemoIdentity.jks file must reside in this directory. In the listing below it is absent.
[oracle@DBsGuru base_domain]$ cd security/
[oracle@DBsGuru1 security]$ ls -lrt
total 44
-rw-r----- 1 oracle oracle 64 Feb 10 12:30 SerializedSystemIni.dat
-rw-r----- 1 oracle oracle 31790 Feb 10 12:30 XACMLRoleMapperInit.ldift
-rw-r----- 1 oracle oracle 2822 Feb 10 12:30 DefaultRoleMapperInit.ldift
-rw-r----- 1 oracle oracle 3321 Feb 10 12:33 DefaultAuthenticatorInit.ldift
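3. Create DemoIdentity.jks
In this step we generate the key and certificate for DemoIdentity.jks manually. As the output shows, the certificate is issued by the demo CA whose certificate and key ship under wlserver/server/lib, so the resulting keystore is a demo identity for lab use.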
[oracle@DBsGuru security]$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 2048 -noskid
Generating a certificate with common name RVCCMCUSELFSERV01.raritanval.edu and key strength 2048
issued by CA with certificate from /u01/app/oracle/Middleware/wlserver/server/lib/CertGenCA.der file and key from /u01/app/oracle/Middleware/wlserver/server/lib/CertGenCAKey.der file
4. Import certificate.
Here, we import the private key and certificate into a new DemoIdentity.jks keystore.
[oracle@DBsGuru security]$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
<Feb 12, 2021 11:11:34 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 12, 2021 11:11:34 AM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
Imported private key demokey.pem and certificate democert.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
5. Start Node manager.
After creating DemoIdentity.jks, start Node Manager again.
[oracle@DBsGuru bin]$ pwd
/u01/app/oracle/Middleware/user_projects/domains/base_domain/bin
[oracle@DBsGuru bin]$ ./startNodeManager.sh
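The check below is an added example, not part of the original post: a bash pre-flight that reports whether the identity keystore Node Manager expects is in place before startNodeManager.sh is run. It assumes the nodemanager.properties keys SecureListener, KeyStores and CustomIdentityKeyStoreFileName and the file locations shown in the log above; the function names and status words are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: report whether the identity
# keystore that Node Manager loads at startup is in place for a domain.

# Print the value of KEY from a Java-style properties file (last one wins).
nm_prop() {  # usage: nm_prop FILE KEY
  [ -f "$1" ] || return 0
  sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one status word for the domain directory given as $1:
#   NOT_REQUIRED    SecureListener=false, so no SSL identity is loaded
#   MISSING         keystore absent or empty (the ConfigException above)
#   WORLD_READABLE  keystore exists but "other" users can read the key
#   OK              keystore exists and is not world-readable
nm_identity_status() {
  local domain_home props secure keystores ks
  domain_home=$1
  props="$domain_home/nodemanager/nodemanager.properties"
  secure=$(nm_prop "$props" SecureListener)
  keystores=$(nm_prop "$props" KeyStores)
  if [ "$secure" = "false" ]; then
    echo NOT_REQUIRED; return 0
  fi
  # Assumption: with KeyStores unset, the demo keystore in the domain's
  # security directory is used, as in the log shown in this post.
  case "${keystores:-DemoIdentityAndDemoTrust}" in
    DemoIdentityAndDemoTrust) ks="$domain_home/security/DemoIdentity.jks" ;;
    *) ks=$(nm_prop "$props" CustomIdentityKeyStoreFileName) ;;  # used as written
  esac
  if [ -z "$ks" ] || [ ! -s "$ks" ]; then
    echo MISSING; return 1
  fi
  if [ -n "$(find "$ks" -perm -004 2>/dev/null)" ]; then
    echo WORLD_READABLE; return 2
  fi
  echo OK
}

# Run against a domain when a path is given on the command line.
if [ "$#" -gt 0 ]; then
  nm_identity_status "$1"
fi
```

The other files in the security directory listing above are mode 640; giving the new DemoIdentity.jks the same mode clears the WORLD_READABLE result.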
This document is for learning purposes only; always validate in a lab environment first before applying in the live environment.
Hello, I am in the same predicament, but my WebLogic is residing on a different machine that will have a managed server of a cluster, so I did not create a domain. (did not run the config script)
I installed base weblogic binaries on machine2
machine1 runs domain, cluster1, admin server, nodemanager, managedserver1
machine2 managedserver2
Machine2 will be part of cluster1 and will run managedserver2 as part of cluster1
Do I need to run the config script? I want only one domain.
Cheers
Nick