Oracle provides troubleshooting advice for common errors that may arise.
Topics:
See Also:
The following sections for additional advice on using Oracle Key Vault:You can find and troubleshoot errors by referring to the Oracle Key Vault log files.
You can check the log files, which are located in the /var/log/messages
file. These log files record information such as (items they record). To check for log file errors, as root, do the following:
root# vi /var/log/messages
The Cannot Open Keystore
error can appear when you try to upload a Java keystore to the Oracle Key Vault server.
You can try the following solutions:
Ensure that the PATH
environment variable has been correctly set.
Check where the keytool and Java are pointing to, by entering the following commands in a shell:
which keytool which java
Ensure that you are using Oracle Java.
General KMIP
errors can occur when you are trying to upload Oracle wallets to virtual wallets on multiple endpoints.
The General KMIP
error occurs when you try the following sequence of actions:
You configure two or more endpoints (for example, Endpoint A and Endpoint B) to share a wallet (Oracle Wallet C), and hence also share the wallet keys.
You register Endpoints A and B with Oracle Key Vault.
You create a default wallet (Virtual Wallet A) for Endpoint A and then a default wallet (Virtual Wallet B) for Endpoint B. Each virtual wallet is accessible only to the corresponding endpoint. For example, Endpoint B has no access to Virtual Wallet A.
You upload Oracle Wallet C into Virtual Wallet A on Endpoint A.
You attempt to upload Oracle Wallet C from Endpoint B into Virtual Wallet B Endpoint B.
The KMIP error occurs because there are two copies of the same key being created and Endpoint B does not have visibility for both. If Endpoint A tries to upload the first key again, Oracle Key Vault detects this action and accounts for it. But because in Step 5, Endpoint B is not allowed to see the first key, Oracle Key Vault is unable to perform the necessary harmonization for the two Oracle wallets.
This is expected behavior. Instead, create an endpoint group so that you can share the wallet with multiple endpoints. See "Managing Endpoint Groups" for more information.
Note:
The KMIP error can occur for other scenarios, but this scenario is the most common.If you upload two keystores with the same file name but with different contents, a WARNING: Could not store private key
error is generated.
This occurs if you use the same alias (-alias slserver
) in each okvutil upload
command. When you download two such keystores that have the same alias, the okvutil download
process ignores the second one because the JKS aliases must be unique. Download the second keystore using a unique alias.
See Also:
"Downloading JKS or JCEKS Keystores"After you perform an upgrade of Oracle Key Vault on an standalone server, ORA-1109
, ORA-00313
, and ORA-00312
error messages may appear in the /var/log/messages
log file.
You can safely ignore these messages. Error messages also appear in the /var/log/debug
file.