[OVM 3.4] Error "signing X509 Certificate. cannot create signer: Supplied key (null) is not a RSAPrivateKey instance" When Changing CA certificate for Oracle VM Manager (Doc ID 2657095.1)

Last updated on DECEMBER 12, 2022

Applies to:

Symptoms

When following https://docs.oracle.com/cd/E64076_01/E64083/html/vmadm-config-ovmm-ssl.html to change Oracle VM Manager's CA certificate, at last step of running 

# su -c "/u01/app/oracle/ovm-manager-3/bin/configure_client_cert_login.sh /path/to/cacert"

Command fails with below error message,

2020-04-02 15:24:37,316 [main] INFO  ovm.wlst.domainbuilder.Domain - Created a user named appframework
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/u01/app/oracle/ovm-manager-3/ovm_cli/lib/slf4j-log4j12.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/u01/app/oracle/Middleware/wlserver/modules/features/weblogic.server.merged.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
Apr 02, 2020 3:24:38 PM oracle.security.jps.JpsStartup start
INFO: Jps initializing.
Apr 02, 2020 3:24:40 PM oracle.security.jps.JpsStartup start
INFO: Jps started.
2020-04-02 15:25:33,819 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Writing cacert.pem
2020-04-02 15:25:33,821 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Importing /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/DBSBank-Ent-SubCA.crt with alias ca
2020-04-02 15:25:34,180 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Importing cacert.pem with alias ovmca
2020-04-02 15:25:34,532 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Generating key pair for appframework in /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmclient.jks
2020-04-02 15:25:35,171 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Exporting clientcert.pem from /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmclient.jks
2020-04-02 15:25:35,342 [main] INFO  com.oracle.appfw.ovm.ws.client.KeytoolHelper - Reading clientcert.pem
2020-04-02 15:25:35,343 [main] INFO  com.oracle.appfw.ovm.ws.client.SSLClientUtil - Signing certificate
2020-04-02 15:25:35,429 [main] ERROR com.oracle.appfw.ovm.ws.client.SSLClientUtil - Unhandled Exception!
com.sun.jersey.api.client.UniformInterfaceException: POST https://<Oracle VM Manager hostname or IP address>:7002/ovm/core/wsapi/rest/Utilities/Certificate?sign=true returned a response status of 500 Internal Server Error
       at com.sun.jersey.api.client.WebResource.handle(WebResource.java)
       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java)
       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java)
       at com.oracle.ovm.mgr.ws.client.OvmWsUtilitiesRestClient.certificateSignAndRegister(OvmWsUtilitiesRestClient.java:1527)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.setUpClientCertificateAuthentication(SSLClientUtil.java:315)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.main(SSLClientUtil.java:190)
2020-04-02 15:25:35,430 [main] INFO  com.oracle.appfw.ovm.ws.client.SSLClientUtil - Deleting cacert.pem
2020-04-02 15:25:35,430 [main] INFO  com.oracle.appfw.ovm.ws.client.SSLClientUtil - Deleting clientcert.pem
2020-04-02 15:25:35,437 [main] ERROR com.oracle.appfw.ovm.ws.client.SSLClientUtil - Unhandled Exception!
com.sun.jersey.api.client.UniformInterfaceException: POST https://<Oracle VM Manager hostname or IP address>:7002/ovm/core/wsapi/rest/Utilities/Certificate?sign=true returned a response status of 500 Internal Server Error
       at com.sun.jersey.api.client.WebResource.handle(WebResource.java)
       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java)
       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java)
       at com.oracle.ovm.mgr.ws.client.OvmWsUtilitiesRestClient.certificateSignAndRegister(OvmWsUtilitiesRestClient.java:1527)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.setUpClientCertificateAuthentication(SSLClientUtil.java:315)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.main(SSLClientUtil.java:190)

Exception in thread "main" com.sun.jersey.api.client.UniformInterfaceException: POST https://<Oracle VM Manager hostname or IP address>:7002/ovm/core/wsapi/rest/Utilities/Certificate?sign=true returned a response status of 500 Internal Server Error
       at com.sun.jersey.api.client.WebResource.handle(WebResource.java)
       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java)
       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java)
       at com.oracle.ovm.mgr.ws.client.OvmWsUtilitiesRestClient.certificateSignAndRegister(OvmWsUtilitiesRestClient.java:1527)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.setUpClientCertificateAuthentication(SSLClientUtil.java:315)
       at com.oracle.appfw.ovm.ws.client.SSLClientUtil.main(SSLClientUtil.java:190)
Problem invoking WLST - Traceback (innermost last):
 File "/u01/app/oracle/ovm-manager-3/ovm_wlst/jython/reconfigAppFwAuth.py", line 26, in ?
 File "/u01/app/oracle/Middleware/oracle_common/common/wlst/modules/ovm/wlst/commands.py", line 316, in configureAppFwAuthentication
 File "/u01/app/oracle/Middleware/oracle_common/common/wlst/modules/ovm/wlst/domainbuilder.py", line 629, in configureAppFwAuthentication
WLSTException: Failed to configure AppFramework authentication.

<Apr 2, 2020 3:25:35 PM SGT> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.>

Error configuring client certificate login

and below error is observed in AdminServer.log, 

####<2020-04-03T02:48:25.810-0400> <Error> <com.oracle.ovm.mgr.api.cert.CertificateService> <[Oracle VM Manager hostname]> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <appframework> <> <7efa7de8-0d64-4e4d-9356-cbb32542133d-0000001c> <1585896505810> <BEA-000000> <org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key (null) is not a RSAPrivateKey instance>
####<2020-04-03T02:48:25.823-0400> <Error> <com.oracle.ovm.mgr.ws.rest.RestBase> <[Oracle VM Manager hostname]> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <appframework> <> <7efa7de8-0d64-4e4d-9356-cbb32542133d-0000001c> <1585896505823> <BEA-000000> <Unhandled Exception processing REST API: Path 'Utilities/Certificate'
com.oracle.ovm.mgr.api.exception.IllegalOperationException: OVMAPI_6079E: Error signing X509 Certificate. cannot create signer: Supplied key (null) is not a RSAPrivateKey instance [Fri Apr 03 02:48:25 EDT 2020]
       at com.oracle.ovm.mgr.api.cert.CertificateServiceImpl.generateSignedCertificate(CertificateServiceImpl.java:452)
       at com.oracle.ovm.mgr.api.cert.CertificateServiceImpl.signCertificate(CertificateServiceImpl.java:151)
       at com.oracle.ovm.mgr.ws.mapper.CertificateMethods.certificateSignAndRegister(CertificateMethods.java:86)
       at com.oracle.ovm.mgr.ws.rest.CertificateRs.certificateCreateOrRegsiter(CertificateRs.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:606)
       at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
       at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$JResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:236)
       at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
       at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
       at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
      at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409)
       at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409)
       at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540)
       at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715)
       at weblogic.jaxrs.server.portable.servlet.ServletContainer.service(ServletContainer.java:219)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
...

Changes

This could happen during changing Oracle VM Manager's CA certificate. 

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.