Regenerating DemoIdentity.jks and/or DemoTrust.jks (Doc ID 1392455.1)

ym-Oracle Orion GCS Customer Posts: 1

I regenerated DemoIdentity.jks and DemoTrust.jks as per the Doc ID. I got a new validity period for DemoIdentity.jks. However, the newly generated DemoTrust.jks still has the same wlscertgencab validity.

1. The wlscertgencab validity is still the same. Is this going to cause an issue in the future, since we set Secure Listener to true in nodemanager.properties? If so, what's the fix for this?

2. When listing the keystore /u01/oraclebi/Middleware/wlserver_10.3/server/lib/DemoTrust.jks, we noticed "Alias name: certgenca". We do need this in the new DemoTrust.jks as well.


===== creating new DemoTrust.jks as per  DOC ID ==========

keytool -importcert -trustcacerts -alias wlscertgencab -keystore /tmp/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -file /u01/oraclebi/Middleware/wlserver_10.3/server/lib/CertGenCA.der

Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
Signature algorithm name: MD5withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
 CA:true
 PathLen:1
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
 Key_CertSign
]

===== list new DemoTrust.jks ==========

keytool -list -v -keystore /tmp/DemoTrust.jks
Enter keystore password: 

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: wlscertgencab
Creation date: Aug 31, 2021
Entry type: trustedCertEntry

Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxx
SHA1: xxxxx
SHA256: xxxxx
Signature algorithm name: MD5withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
 CA:true
 PathLen:1
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
 Key_CertSign
]

===== list existing DemoTrust.jks ==========

$ keytool -list -v -keystore /u01/oraclebi/Middleware/wlserver_10.3/server/lib/DemoTrust.jks

Alias name: wlscertgencab
Creation date: Jan 24, 2003
Entry type: trustedCertEntry

Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
Signature algorithm name: MD5withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
 CA:true
 PathLen:1
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
 Key_CertSign
]

Alias name: certgenca
Creation date: Mar 22, 2002
Entry type: trustedCertEntry

Owner: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Mar 21 20:12:27 UTC 2002 until: Tue Mar 22 20:12:27 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
MD5withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
 Key_CertSign
]
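
The per-alias validity comparison in the listings above can be scripted. This is an added example, not part of the original post or of the Doc ID: it parses keytool -list -v output and reports, for each alias, the days left until the "until" date and whether the certificate is signed with an MD5- or SHA-1-based algorithm. The function name, the 365-day warning threshold and the embedded sample listing are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the keytool -list -v output in the post
# (serial numbers, fingerprints and extensions omitted).
SAMPLE = """\
Alias name: wlscertgencab
Entry type: trustedCertEntry
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Signature algorithm name: MD5withRSA

Alias name: certgenca
Entry type: trustedCertEntry
Owner: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Valid from: Thu Mar 21 20:12:27 UTC 2002 until: Tue Mar 22 20:12:27 UTC 2022
Signature algorithm name: MD5withRSA
"""

UNTIL = re.compile(r"until: \w{3} (\w{3}) +(\d+) ([\d:]+) \w+ (\d{4})")
WEAK_SIG = ("MD5with", "SHA1with")

def audit_keystore_listing(text, now, warn_days=365):
    """Return one finding dict per alias found in `keytool -list -v` output."""
    findings = []
    # Every keystore entry starts with an "Alias name:" line.
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        alias = block.splitlines()[0].strip()
        m = UNTIL.search(block)
        if not m:
            continue
        # Assumption: timestamps are UTC, as in the post; the zone token is ignored.
        not_after = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
        sig = re.search(r"Signature algorithm name: (\S+)", block)
        algo = sig.group(1) if sig else "unknown"
        findings.append({
            "alias": alias,
            "not_after": not_after,
            "days_left": (not_after - now).days,
            "expiring": not_after - now <= timedelta(days=warn_days),
            "weak_signature": algo.startswith(WEAK_SIG),
        })
    return findings

if __name__ == "__main__":
    for f in audit_keystore_listing(SAMPLE, datetime(2021, 8, 31)):
        print(f)
```

To check a real keystore, pass the captured text of keytool -list -v for that keystore and datetime.utcnow() instead of the sample and the fixed date.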