OVD 11g Fails to Start After Certificate Replacement: [ERROR] [OVD-60216] / Cannot start Oracle Virtual Directory server: Cannot recover key.[[ java.security.UnrecoverableKeyException: Cannot recover key
(Doc ID 2098140.1)
Last updated on DECEMBER 02, 2019
Applies to:
Oracle Virtual Directory - Version 11.1.1.0 and laterInformation in this document applies to any platform.
Symptoms
Oracle Virtual Directory (OVD) 11g.
OVD will not start after certificate replacement.
Following Document 1210784.1, inside the Enterprise Manager (EM) Fusion Middleware (FMW) Control console, imported a new certificate but did not remove the old one.
Restarting OVD then fails to start with diagnostic.log error:
[2016-01-12T00:51:06.803-08:00] [octetstring] [ERROR] [OVD-60216] [com.octetstring.vde.VDEServer] [tid: xx] [ecid: <ECID>] Cannot start Oracle Virtual Directory server: Cannot recover key.[[
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.octetstring.vde.frontend.SocketListener.getSSLContext(SocketListener.java:121)
at com.octetstring.vde.frontend.SocketListener.init(SocketListener.java:86)
at com.octetstring.vde.frontend.LDAP.init(LDAP.java:124)
at com.octetstring.vde.frontend.ListenerHandler.addListener(ListenerHandler.java:99)
at com.octetstring.vde.frontend.ListenerHandler.init(ListenerHandler.java:91)
at com.octetstring.vde.VDEServer.startServer(VDEServer.java:181)
at com.octetstring.vde.VDEServer.main(VDEServer.java:359)
]]
[2016-01-12T00:51:06.804-08:00] [octetstring] [NOTIFICATION] [OVD-20052] [com.octetstring.vde.VDEServer] [tid: xx] [ecid:<ECID>] Oracle Virtual Directory Server is shutting down.
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.octetstring.vde.frontend.SocketListener.getSSLContext(SocketListener.java:121)
at com.octetstring.vde.frontend.SocketListener.init(SocketListener.java:86)
at com.octetstring.vde.frontend.LDAP.init(LDAP.java:124)
at com.octetstring.vde.frontend.ListenerHandler.addListener(ListenerHandler.java:99)
at com.octetstring.vde.frontend.ListenerHandler.init(ListenerHandler.java:91)
at com.octetstring.vde.VDEServer.startServer(VDEServer.java:181)
at com.octetstring.vde.VDEServer.main(VDEServer.java:359)
]]
[2016-01-12T00:51:06.804-08:00] [octetstring] [NOTIFICATION] [OVD-20052] [com.octetstring.vde.VDEServer] [tid: xx] [ecid:<ECID>] Oracle Virtual Directory Server is shutting down.
Used Document 1347972.1 as a temporary workaround to restore OVD back, however unable to update certificates which expire soon.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |