OPSS - Unable Start Weblogic Server getting CredStoreException: JPS-01061: Access to boostrap credential store denied to application code.

(Doc ID 2412498.1)

Last updated on JUNE 21, 2018

Applies to:

Oracle Platform Security for Java - Version 12.2.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Unable start the server, observing the next error

CLASSPATH=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common/modules/features/com.oracle.db.jdbc7-dms.jar:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common/modules/features/com.oracle.db.jdbc7-dms.jar:/apps_base/FMW_HOME12C212/MiddleWare/oracle_common/modules/features/com.oracle.db.jdbc7-dms.jar:/apps_base/FMW_HOME12C212/java_home/jdk1.8.0_152/lib/tools.jar:/apps_base/FMW_HOME12C212/MiddleWare/wlserver/server/lib/weblogic.jar:/apps_base/FMW_HOME12C212/MiddleWare/wlserver/../oracle_common/modules/net.sf.antcontrib_1.1.0.0_1-0b3/lib/ant-contrib.jar:/apps_base/FMW_HOME12C212/MiddleWare/wlserver/modules/features/oracle.wls.common.nodemanager.jar:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/../oracle_common/modules/thirdparty

.............................
PATH=/apps_base/FMW_HOME12C212/MiddleWare/user_projects/domains/WCCCAP_Domain/bin:/apps_base/FMW_HOME12C212/MiddleWare/wlserver/server/bin:/apps_base/FMW_HOME12C212/MiddleWare/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/apps_base/FMW_HOME12C212/java_home/jdk1.8.0_152/jre/bin:/apps_base/FMW_HOME12C212/java_home/jdk1.8.0_152/bin:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/bin:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/bin:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/server/bin:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/../oracle_common/modules/thirdparty/org.apache.ant/1.9.8.0.0/apache-ant-1.9.8/bin:/apps_base/FMW_HOME12C/java_home/jdk1.8.0_152/jre/bin:/apps_base/FMW_HOME12C/java_home/jdk1.8.0_152/bin:/apps_base/fmw_home_dev/java_home/jdk/bin/sparcv9:/apps_base/fmw_home_dev/java_home/jdk/bin:/apps_base/domains_dev/soa_dev_domain/bin/server_migration/wlsifconfig.sh:/apps_base/fmw_home_dev/wlserver_10.3/common/bin/wlscontrol.sh:/apps_base/fmw_home_dev/wlserver_10.3/common/nodemanager/nodemanager.domains:/usr/bin:
.
***************************************************
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://hostname:port/console *
***************************************************
Starting WLS with line:
/apps_base/FMW_HOME12C212/java_home/jdk1.8.0_152/bin/java -server -d64 -Xms2048m -Xmx2048m -Dweblogic.Name=AdminServer -Djava.security.policy=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.ProductionModeEnabled=true -Dweblogic.ProductionModeEnabled=true -Djava.system.class.loader=com.oracle.classloader.weblogic.LaunchClassLoader -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dopss.version=12.2.1.3 -Digf.arisidbeans.carmlloc=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/config/fmwconfig/carml -Digf.arisidstack.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common/modules/oracle.ossoiap,/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common/modules/oracle.oamprovider,/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common/modules/oracle.jps -Doracle.mds.filestore.preferred= -Dadf.version=12.2.1.3.0 -Dweblogic.jdbc.remoteEnabled=truefalse -Dcommon.components.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/oracle_common -Djrf.version=12.2.2 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain -Doracle.server.config.dir=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain/config/fmwconfig -Dohs.product.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/ohs -javaagent:/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/server/lib/debugpatch-agent.jar -da -Dwls.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/server -Dweblogic.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wlserver/server -Djavax.management.builder.initial=weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder -Djps.subject.cache.key=5 -Djps.subject.cache.ttl=600000 -Djps.policystore.hybrid.mode=false -DUSE_JAAS=false -Djps.auth.debug=false -Djps.combiner.optimize.lazyeval=true -Djps.combiner.optimize=true -Djps.authz=ACC -Dem.oracle.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/em -DINSTANCE_HOME=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/user_projects/domains/wcc_domain -Djava.awt.headless=true -Doracle.sysman.util.logging.mode=dual_mode -Dipm.oracle.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wccontent -Doracle.capture.home=/apps_base/FMW_HOME12C/MiddleWare/Oracle_HOME/wccapture -Ducm.oracle.home=/apps_base/FMW_HOME12C/MiddleWare

.....................................
<Jun 18, 2018 6:50:16 AM CDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jun 18, 2018 6:50:16 AM CDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jun 18, 2018 6:50:17 AM CDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 25.152-b16 from Oracle Corporation.>
Jun 18, 2018 6:50:17 AM oracle.security.jps.wls.JpsBootStrapService start
INFO: JPS bootstrap service started.
<Jun 18, 2018 6:50:18 AM CDT> <Info> <RCM> <BEA-2165021> <"ResourceManagement" is not enabled in this JVM. Enable "ResourceManagement" to use the WebLogic Server "Resource Consumption Management" feature. To enable "ResourceManagement", you must specify the following JVM options in the WebLogic Server instance in which the JVM runs: -XX:+UnlockCommercialFeatures -XX:+ResourceManagement.>
<Jun 18, 2018 6:50:19 AM CDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 12.2.1.2.0 Mon Oct 3 04:35:36 PDT 2016 1827450
WebLogic Server 12.2.1.3.0 Thu Aug 17 13:39:49 PDT 2017 1882952>
Jun 18, 2018 6:50:21 AM oracle.security.jps.internal.config.OpssCommonStartup preStart
INFO: Jps startup failed.
<Jun 18, 2018 6:50:24 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
<Jun 18, 2018 6:50:24 AM CDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool.>
<Jun 18, 2018 6:50:24 AM CDT> <Info> <WorkManager> <BEA-002942> <CMM memory level becomes 0. Setting standby thread pool size to 256.>
<Jun 18, 2018, 6:50:25,21 AM CDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:

There are 1 nested errors:

oracle.security.jps.JpsException: JPS-06519: Failed to get/set credential with map fks and key null in bootstrap credstore. Reason oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06519: Failed to get/set credential with map fks and key current.key in bootstrap credstore. Reason null
at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:418)
at oracle.security.jps.JpsStartup.preStart(JpsStartup.java:358)
at oracle.security.jps.wls.JpsBootStrapService.start(JpsBootStrapService.java:80)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1262)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:332)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:374)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:471)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:232)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2020)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:114)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:88)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1213)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1144)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06519: Failed to get/set credential with map fks and key null in bootstrap credstore. Reason oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06519: Failed to get/set credential with map fks and key current.key in bootstrap credstore. Reason null
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getEncryptionKey(KeyStoreServiceUtil.java:507)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getMasterKey(KeyStoreServiceUtil.java:592)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager$3.run(FileKeyStoreManager.java:465)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager$3.run(FileKeyStoreManager.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:463)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:439)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:162)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.start(FileKeyStoreServiceImpl.java:1272)
at oracle.security.opss.internal.runtime.ServiceContextImpl.start(ServiceContextImpl.java:220)
at oracle.security.opss.internal.runtime.ServiceContextManagerImpl.createContext(ServiceContextManagerImpl.java:615)
at oracle.security.opss.internal.runtime.ServiceContextManagerImpl.initBootstrap(ServiceContextManagerImpl.java:174)
at oracle.security.opss.internal.runtime.ServiceContextManagerImpl.initBootstrap(ServiceContextManagerImpl.java:154)
at oracle.security.jps.internal.config.OpssCommonStartup$3.run(OpssCommonStartup.java:399)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:352)
... 21 more
Caused by: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06519: Failed to get/set credential with map fks and key current.key in bootstrap credstore. Reason null
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getCurrentMasterKeyAlias(KeyStoreServiceUtil.java:354)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil$5.run(KeyStoreServiceUtil.java:500)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil$5.run(KeyStoreServiceUtil.java:498)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getEncryptionKey(KeyStoreServiceUtil.java:498)
... 36 more
Caused by: oracle.security.jps.service.credstore.CredStoreException: JPS-01061: Access to boostrap credential store denied to application code.
at oracle.security.jps.internal.credstore.ssp.WalletCredentialStore.getCredential(WalletCredentialStore.java:424)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getCurrentMasterKeyAlias(KeyStoreServiceUtil.java:343)
... 40 more

>
***************************************************************************
The WebLogic Server encountered a critical failure
Reason: Assertion violated
***************************************************************************
Stopping Derby server...
Derby server stopped.


>
***************************************************************************
The WebLogic Server encountered a critical failure
Reason: Assertion violated
***************************************************************************
Stopping Derby server...
Derby server stopped.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms