My Oracle Support Banner

Cannot View The Oamkeystore Keystore On Newer Jdk, Updating Keystore Aliases (Doc ID 2426746.1)

Last updated on JULY 24, 2018

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


You are trying to list the aliases in the oamkeystore as you need to add a cert to it, but you have to use an older jdk to view it, otherwise you will get this error:

Jul 19, 2018 10:20:05 AM filterCheck
INFO: ObjectInputFilter REJECTED: class com.sun.crypto.provider.SealedObjectForKeyProtector, array length: -1, nRefs: 1, depth: 1, bytes: 70, ex: n/a
keytool error: Invalid secret key format Invalid secret key format
  at com.sun.crypto.provider.JceKeyStore.engineLoad(

You cannot view the aliases on the .oamkeystore file. Is there some way to update the .oamkeystore file so that you can view it with current versions of JDK?

You cannot view this keystore using JDK 1.7.0_181, however, can view it using JDK 1.7.0_171. Is there a way to get this keystore to be viewable on the newer JDK?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.