My Oracle Support Banner

Oracle Key Manager 3.3.2 - After Renewing Root CA Certificate KMA Shows As Not Responding In The Cluster (Doc ID 2506903.1)

Last updated on DECEMBER 09, 2022

Applies to:

Oracle Key Manager - Version 3.3 to 3.3 [Release 3.0]
Information in this document applies to any platform.


After upgrading OKM from 3.3 to 3.3.2 version, the site tried to renew Root CA certificate from sha1  X.509v1 to sha256 X.509v3, as described in the 'Renew the Root CA Certificate' section of the OKM Administration Guide.

After selecting X.508v3, the KMA results shows 'Not responding'  from the others KMAs in the cluster. 

Also, the site was not able log into that KMA server using the OKM GUI.

After a reboot, in the KMA Console the following errors were reported:


 The site logged into the KMA's ILOM and ran a Launch - Redirection to get into the KMA Console. 

 Starting in OKM version 3.3.2 there are two new menu option in the KMA Console menu,  option 11 and 12 .

Note: There will only be menu option 12, if the KMA server has been upgraded to OKM version 3.3.2 and the Replication rate has been increased to 16.

   Menu option 11 shows the current certificate and sha version running on that KMA server.

   Menu option 12 allows the customer to change the certificate to the next higher version.  

The site chose sha256.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.