My Oracle Support Banner

Oracle Identity Manager (OIM) 11g and Oracle Identity Governance (OIG) 12c: Updated Certs in "default-keystore.jks" Need to be Imported into Keystore Service (KSS) to Avoid JavaScript Object Notation (JSON) Web Token (JWT) Based Authentication Errors (Doc ID 2320887.1)

Last updated on FEBRUARY 28, 2024

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


There may be a need / desire to regenerate the certs in the <DOMAIN_HOME>/config/fmwconfig/default-keystore.jks for the xeltrusted and xell aliases, such as for updating to SHA-2 based certificates.  Doing so can cause JWT based failures.  This doc will cover updating KSS with new certs in default-keystore.jks.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.