OVD 11g Fails to Start After Certificate Replacement: [ERROR] [OVD-60216] / Cannot start Oracle Virtual Directory server: Cannot recover key.[[ java.security.UnrecoverableKeyException: Cannot recover key (Doc ID 2098140.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g.

OVD will not start after certificate replacement.

A new certificate was imported through the Enterprise Manager (EM) Fusion Middleware (FMW) Control console, following Document 1210784.1, but the old certificate was not removed.

On restart, OVD then fails to start and diagnostic.log shows the following error:

[2016-01-12T00:51:06.803-08:00] [octetstring] [ERROR] [OVD-60216] [com.octetstring.vde.VDEServer] [tid: 10] [ecid: 0000L8p1zt0EWNI5yr^AyW1M_Btq000000,0] Cannot start Oracle Virtual Directory server: Cannot recover key.[[
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.octetstring.vde.frontend.SocketListener.getSSLContext(SocketListener.java:121)
at com.octetstring.vde.frontend.SocketListener.init(SocketListener.java:86)
at com.octetstring.vde.frontend.LDAP.init(LDAP.java:124)
at com.octetstring.vde.frontend.ListenerHandler.addListener(ListenerHandler.java:99)
at com.octetstring.vde.frontend.ListenerHandler.init(ListenerHandler.java:91)
at com.octetstring.vde.VDEServer.startServer(VDEServer.java:181)
at com.octetstring.vde.VDEServer.main(VDEServer.java:359)

]]
[2016-01-12T00:51:06.804-08:00] [octetstring] [NOTIFICATION] [OVD-20052] [com.octetstring.vde.VDEServer] [tid: 10] [ecid: 0000L8p1zt0EWNI5yr^AyW1M_Btq000000,0] Oracle Virtual Directory Server is shutting down.


Document 1347972.1 was used as a temporary workaround to restore OVD; however, the certificates, which expire soon, still cannot be updated.
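The trace shows the exception raised from KeyStore.getKey on a JKS keystore while the SunX509 key manager is being initialized; that key manager is given a single password and applies it to every key entry in the store. As an added example (not part of the Oracle document and not Oracle code), the check below reports which aliases are key entries and which of them cannot be recovered with one key password. The class name KeyEntryCheck is hypothetical, and the keystore path and both passwords are supplied by the operator.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic, not Oracle code. Run from a terminal:
//   java KeyEntryCheck <keystore.jks>     (path is supplied by the operator)
public class KeyEntryCheck {
    // Tries every key entry with the one key password, as the SunX509 key
    // manager does when it is initialized. Returns the count of failures.
    static int check(KeyStore ks, char[] keyPass) throws Exception {
        int failed = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println("cert only   " + alias); // no private key to recover
                continue;
            }
            try {
                ks.getKey(alias, keyPass); // the KeyStore.getKey call seen in the trace
                System.out.println("key OK      " + alias);
            } catch (UnrecoverableKeyException e) {
                failed++;
                System.out.println("key FAILED  " + alias + ": " + e.getMessage());
            }
        }
        return failed;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeyEntryCheck <keystore.jks> (interactive terminal required)");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password the server uses: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // JKS per JavaKeyStore$JKS in the trace
        FileInputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, storePass);
        } finally {
            in.close();
        }
        System.exit(check(ks, keyPass) == 0 ? 0 : 1);
    }
}
```

Run it against a copy of the keystore rather than the live file; an exit status of 1 means at least one key entry is protected by a different password than the one entered.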


Cause
