JpsRuntimeException: JPS-06514: Opening of file based keystore failed. | Weblogic

While starting weblogic server you might see error like “The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause.” and the server will FAIL to start.

Usually this kind of errors can cause due to many reasons and sometimes it results in finally recreating the whole domain but still there are chances to pin point and solve the issue.

Below is a summery of things to do/try while receiving this kind of errors:

 

35357875466> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)

Caused By: oracle.security.jps.JpsRuntimeException: JPS-06514: Opening of file based keystore failed.
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1024)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.security.jps.JpsException: JPS-06514: Opening of file based keystore failed.
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2866)

Usually the issue could be caused by a permissions problem with the cwallet.sso file
<WLS_DOMAIN>\config\fmwconfig\bootstrap\cwallet.sso, go to properties of it and then security.
Enable full control,modify,Read and execute,read and write permissions for the current user.

on UNIX:

chmod 0777 cwallet.sso

On Windows:

Right click on C:\Oracle (parent\root directory of the installation
Go to Properties
choice security tab
click advanced
click on the entry for Administrators Group
click change permissions
click on the entry Administrators Group
check box "Replace all child object permissions with inheritable permissions from this object"
click "OK"

If the above option does not work, then try the following:

Rename the file cwallet.sso under the domain directory and restart the server. The cwallet.sso file should get re-created.

If all above does not work, try restoring cwallet.sso file from backup and restart the server. In most cases it solves the issue.

After all above you can try to pin point the issue by using below flag in JAVA_OPTS and start the server.

Enable debug by setting the following JAVA_OPTION or JAVA_OPTS in weblogic startup script:

-Djava.security.debug=jpspolicy

Ex: set JAVA_OPTS="-Djava.security.debug=jpspolicy;%JAVA_OPTS%" -- Windows
JAVA_OPTS="-Djava.security.debug=jpspolicy:$JAVA_OPTS" -- Linux/Unix
export JAVA_OPTS

Once the above property is enabled you will see logs like below and can check what is causing the issue and you can solve it accordingly.

Like in below logs its the issue with null KeyStore name.

[JavaPolicyProvider]: System Property [java.specification.version => 1.6]
[JavaPolicyProvider]: System Property [javax.net.ssl.trustStore => /opt/bea/Middleware/wlserver_12.1/server/lib/DemoTrust.jks]
policy: reading file:/opt/bea/Middleware/wlserver_12.1/server/lib/weblogic.policy
java.lang.IllegalArgumentException: null KeyStore name
at sun.security.util.PolicyUtil.getKeyStore(PolicyUtil.java:65)
at sun.security.provider.PolicyFile.init(PolicyFile.java:635)
at sun.security.provider.PolicyFile.access$400(PolicyFile.java:266)
at sun.security.provider.PolicyFile$3.run(PolicyFile.java:546)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:519)
at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:505)
at sun.security.provider.PolicyFile.init(PolicyFile.java:464)
at sun.security.provider.PolicyFile.<init>(PolicyFile.java:309)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Policy.getPolicyNoCheck(Policy.java:167)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:643)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.containsCredential(SspCredentialStore.java:320)
at oracle.security.jps.internal.keystore.file.FileKeyStoreIntegrityChecker$3.run(FileKeyStoreIntegrityChecker.java:176)
at oracle.security.jps.internal.keystore.file.FileKeyStoreIntegrityChecker$3.run(FileKeyStoreIntegrityChecker.java:174)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.keystore.file.FileKeyStoreIntegrityChecker.CsContainsHash(FileKeyStoreIntegrityChecker.java:174)
at oracle.security.jps.internal.keystore.file.FileKeyStoreIntegrityChecker.<init>(FileKeyStoreIntegrityChecker.java:81)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.<init>(FileKeyStoreManager.java:165)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.getInstance(FileKeyStoreManager.java:146)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:95)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:76)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:66)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
at oracle.security.jps.internal.policystore.PolicyUtil$2.run(PolicyUtil.java:2827)
at oracle.security.jps.internal.policystore.PolicyUtil$2.run(PolicyUtil.java:2821)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2821)
at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

 

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.