Here are the steps I performed to fix the Cert Path error in DEV SOA.
Note: I created cacerts-new first as a precaution to ensure creation of new keystore worked before blowing aware existing cacerts file. Of course I made a backup copy anyway, but I do this as good practice to minimise disruption to a running system.
Backup cacerts --> cacerts.20170216
dev-ofmw-101.soa_ms01-[security] > pwd
/u01/app/oracle/product/ofm_11.1.1.6/fmw/jrockit-jdk1.6.0_37-R28.2.5-4.1.0/jre/lib/security
dev-ofmw-101.-soa_ms01-[security] > ls -l cacerts*
-rwxr-x--- 1 oracle oinstall 92218 Feb 13 09:58 cacerts
dev-ofmw-102.-soa_ms02-[security] > pwd
/u01/app/oracle/product/ofm_11.1.1.6/fmw/jrockit-jdk1.6.0_37-R28.2.5-4.1.0/jre/lib/security
dev-ofmw-102.-soa_ms02-[security] > ls -l cacerts*
-rwxr-xr-x 1 oracle oinstall 92218 Feb 13 10:00 cacerts
Create new cacerts keystore
dev-ofmw-101
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
dev-ofmw-101.soa_ms01-[security] > ../../bin/keytool -keystore ./cacerts-new -list
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
root.ca-g2, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): BF:E0:7A:A4:CA:8F:28:9C:77:28:71:FE:E8:15:12:FE
mw-apps-dev, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): D8:20:74:8E:FE:EE:9C:36:BF:EF:2F:9A:76:F5:57:9F
issuing.ca-g3, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): 48:87:8B:EA:87:DB:B9:E3:BE:00:05:E1:81:C8:E7:E4
dev-ofmw-101-soa_ms01-[security] > mv cacerts-new cacerts
dev-ofmw-101-soa_ms01-[security] > chmod 750 cacerts
dev-ofmw-101-soa_ms01-[security] > ls -l cacerts*
-rwxr-x--- 1 oracle oinstall 5794 Feb 16 12:09 cacerts
dev-ofmw-102
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
../../bin/keytool -import -trustcacerts -keystore ./cacerts-new -storepass
../../bin/keytool -keystore ./cacerts-new -list
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
root.ca-g2, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): BF:E0:7A:A4:CA:8F:28:9C:77:28:71:FE:E8:15:12:FE
mw-apps-dev, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): D8:20:74:8E:FE:EE:9C:36:BF:EF:2F:9A:76:F5:57:9F
issuing.ca-g3, Feb 16, 2017, trustedCertEntry,
Certificate fingerprint (MD5): 48:87:8B:EA:87:DB:B9:E3:BE:00:05:E1:81:C8:E7:E4
dev-ofmw-102.-soa_ms02-[security] > mv cacerts-new cacerts
dev-ofmw-102-soa_ms02-[security] > chmod 750 cacerts
dev-ofmw-102-soa_ms02-[security] > ls -l cacerts*
-rwxr-x--- 1 oracle oinstall 5794 Feb 16 12:12 cacerts
No comments:
Post a Comment