My Oracle Support Banner

Updated Certs in default-keystore.jks Need to be Imported into KSS to Avoid JWT Based Authentication Errors with REST API (Doc ID 2320887.1)

Last updated on MAY 06, 2021

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


There may be a need / desire to regenerate the certs in the <DOMAIN_HOME>/config/fmwconfig/default-keystore.jks for the xeltrusted and xell aliases, such as for updating to SHA-2 based certificates. Doing so can cause jwt based failures, so this doc will cover updating KSS with new certs in default-keystore.jks.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.