Michael Wang

Issue: After installation of standalone OHS and create an instance, the node manager cannot start:

[oracle@centos01 bin]$ NODEMGR_HOME is already set to /app01/config/ohs_domain/nodemanager
CLASSPATH=/app01/product/jdk1.8.0_172/lib/tools.jar:/app01/product/OHS/wlserver/server/lib/weblogic.jar:/app01/product/OHS/wlserver/../oracle_common/modules/thirdparty/ant-contrib-1.0b3.jar:/app01/product/OHS/wlserver/modules/features/oracle.wls.common.nodemanager.jar:/u01/app/oracle/product/12.2.0/dbhome_1/jlib:/u01/app/oracle/product/12.2.0/dbhome_1/rdbms/jlib:/app01/product/OHS/wlserver/..:/app01/product/OHS/wlserver/modules/features/oracle.wls.common.grizzly.jar
+ /app01/product/jdk1.8.0_172/bin/java -server -Xms32m -Xmx200m -Djdk.tls.ephemeralDHKeySize=2048 -Dcoherence.home=/app01/product/OHS/wlserver/../coherence -Dbea.home=/app01/product/OHS/wlserver/.. -Dweblogic.RootDirectory=/app01/config/ohs_domain -Djava.system.class.loader=com.oracle.classloader.weblogic.LaunchClassLoader -Djava.security.policy=/app01/product/OHS/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/app01/product/jdk1.8.0_172 weblogic.NodeManager -v
<May 18, 2018 6:12:05 PM EDT> <INFO> <Loading domains file: /app01/config/ohs_domain/nodemanager/nodemanager.domains>
<May 18, 2018 6:12:07 PM EDT> <INFO> <Loading identity key store: FileName=/app01/config/ohs_domain/security/DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
<May 18, 2018 6:12:07 PM EDT> <SEVERE> <Fatal error in NodeManager server>
weblogic.nodemanager.common.ConfigException: Identity key store file not found: /app01/config/ohs_domain/security/DemoIdentity.jks
at weblogic.nodemanager.server.SSLConfig.loadKeyStoreConfig(SSLConfig.java:225)
at weblogic.nodemanager.server.SSLConfig.access$000(SSLConfig.java:33)
at weblogic.nodemanager.server.SSLConfig$1.run(SSLConfig.java:118)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.nodemanager.server.SSLConfig.<init>(SSLConfig.java:115)
at weblogic.nodemanager.server.NMServer.<init>(NMServer.java:169)
at weblogic.nodemanager.server.NMServer.getInstance(NMServer.java:134)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:589)
at weblogic.NodeManager.main(NodeManager.java:31)

+ status=1
+ set +x
/app01/config/ohs_domain/bin

[1]+ Done ./startNodeManager.sh

Solution:

[oracle@centos01 bin]$ pwd
/app01/product/WCPortal/wlserver/server/bin
[oracle@centos01 bin]$ . ./setWLSEnv.sh
CLASSPATH=/app01/product/jdk1.8.0_172/lib/tools.jar:/app01/product/WCPortal/wlserver/modules/features/wlst.wls.classpath.jar:/u01/app/oracle/product/12.2.0/dbhome_1/jlib:/u01/app/oracle/product/12.2.0/dbhome_1/rdbms/jlib

PATH=/app01/product/WCPortal/wlserver/server/bin:/app01/product/WCPortal/wlserver/../oracle_common/modules/thirdparty/org.apache.ant/1.9.8.0.0/apache-ant-1.9.8/bin:/app01/product/jdk1.8.0_172/jre/bin:/app01/product/jdk1.8.0_172/bin:/app01/product/jdk/bin:/u01/app/oracle/product/12.2.0/dbhome_1/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle/.local/bin:/home/oracle/bin:/app01/product/WCPortal/wlserver/../oracle_common/modules/org.apache.maven_3.2.5/bin

Your environment has been set.

[oracle@centos01 bin]$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024 -noskid
Generating a certificate with common name centos01 and key strength 1024
issued by CA with certificate from /app01/product/WCPortal/wlserver/server/lib/CertGenCA.der file and key from /app01/product/WCPortal/wlserver/server/lib/CertGenCAKey.der file

[oracle@centos01 bin]$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
<May 18, 2018 6:19:22 PM EDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<May 18, 2018 6:19:22 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>

Imported private key demokey.pem and certificate democert.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
[oracle@centos01 bin]$

[oracle@centos01 bin]$ cp -p DemoIdentity.jks /app01/config/ohs_domain/security/
[oracle@centos01 bin]$

Leave a Reply

Your email address will not be published. Required fields are marked *