OVD 11g: Importing A Certificate Authority's Signed Certificate Into OVD 11g Keystore Fails with: PKI-04018: User cert does not match pvt key for input alias.
(Doc ID 1599649.1)
Last updated on MAY 31, 2024
Applies to:
Oracle Virtual Directory - Version 11.1.1.2.0 to 11.1.1.9.0 [Release 11g]Information in this document applies to any platform.
Symptoms
Oracle Virtual Directory (OVD) 11g, i.e., 11.1.1.6.0.
While configuring for SSL, created a new keystore in Enterprise Manager (EM) Fusion Middleware (FMW) Control console for the newly created OVD component/instance.
Following: How to Configure OVD Listeners From 11g On LDAPS <Document 1210784.1>
Generated a certificate request (CSR) in EM (or command line keytool) and sent to a third party Certificate Authority (CA), got it signed and returned.
When trying to import the signed certificate (user or server cert) via EM or keytool, it fails with:
The error description in different Oracle documentation includes the following details:
Cause: The private key with matching alias did not match the user certificate.
Action: Use a correct alias.
However the correct alias has been doublechecked and is indeed being provided correctly.
The same error occurs with other OVD components/instances and OVD on other systems.
Tried both java versions 1.6_29 and 1.7_15, for both OVD and WLS, but the cert import still fails with the same error.
Tried different java versions, i.e., 1.6_29 and 1.7_15, for both OVD and Weblogic Server (WLS), but the same error is still returned.
An older OVD 10g node/instance is able to import a signed certificate without problems.
So the error occurs only when attempting to import the signed cert to any OVD 11g instance.
As a temporary workaround, able to use the existing certificates from the OVD 10g keystore, but looking for a long term 11g only solution.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |