问题描述
- 修改了系统时间,导致oem挂掉,然后oms也无法启动。为了记录这个解决办法,贴帖如下,谢谢!
-
修改了系统时间,导致oem挂掉,然后oms也无法启动。为了记录这个解决办法,贴帖如下:Note: In case of a multi-OMS setup, perform the steps below on each OMS Host
1.Make sure you take backup of DemoIdentity.jks and DemoTrust.jks files in the location /wlserver_10.3/server/lib/ folder
2.Set the necessary environment variables:
$ cd /user_projects/domains/GCDomain/bin
$ . ./setDomainEnv.sh
Note that you need to replace with the full path to the gc_inst directory.
3.Execute the command below to in any folder ($MIDDLEWARE_HOME/keystores is used as an example) to generate identity entities (server certificate plus key)
of keystrength 1024
$java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024
Eg:
$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024
Generating a certificate with common name srraghav-pc.idc.oracle.com and key strength 1024
issued by CA with certificate from /u02/12c2/Middleware/wlserver_10.3/server/lib/CertGenCA.der file and key from
/u02/12c2/Middleware/wlserver_10.3/server/lib/CertGenCAKey.der fileNOTE: This will create the files below in the current working directory.
democert.der
democert.pem
demokey.der
demokey.pem
4.Now execute the below command in same location to create a keystore and import the server certificate :
$java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demoKey -keyfilepass DemoIdentityPassPhrase -
certfile democert.pem -keyfile demokey.pem -alias demoidentity
Eg:
$java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demoKey -keyfilepass DemoIdentityPassPhrase -
certfile democert.pem -keyfile demokey.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
Imported private key demokey.pem and certificate democert.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentityNOTE: This would create "DemoIdentity.jks" in the present working directory.
5.Confirm that the certificate (along with key) is imported:
keytool -list -v -keystore DemoIdentity.jks
(Listing keystore doesn't require password to be entered. Hence, user can simply press enter when prompted for password.)
Eg:
keytool -list -v -keystore DemoIdentity.jks
Enter keystore password:
***************** WARNING WARNING WARNING *****************- The integrity of the information stored in your keystore *
- has NOT been verified! In order to verify its integrity, *
- you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: demoidentity
Creation date: Aug 1, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=srraghav-pc.idc.oracle.com, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 3947c0d6128ba3d00bd4740204b2ad06
Valid from: Wed Jul 31 20:06:57 IST 2013 until: Tue Aug 01 20:06:57 IST 2028
Certificate fingerprints:
MD5: CD:6A:95:20:85:3E:92:A83:AF:93:BF:07:AA:CB:48
SHA1: 4B:12:CC:A3:4C:FC:7D:79:B6:0D:E22:C8:95:0A:E6:65:AC:07:97
Signature algorithm name: MD5withRSA
Version: 1
NOTE: The following files can be cleaned from the present directory as they are no longer needed:
democert.der
democert.pem
demokey.der
demokey.pem
5.Stop the OMS
/bin>./emctl stop oms -all
Ensure no process is running from MIDDLEWARE_HOME path.
6.Copy the newly created DemoIdentity.jks to /wlserver_10.3/server/lib/ directory
7.Start the OMS
/bin>./emctl start oms
请大家帮忙看看是什么原因,哪里有问题吗?急!谢谢!