Regenerating DemoIdentity.jks and/or DemoTrust.jks (Doc ID 1392455.1)
I regenerated DemoIdentity.jks and DemoTrust.jks as per the Doc ID. I got new validity for DemoIdentity.jks. However, the newly generated DemoTrust.jks still has the same wlscertgencab validity.
1. The wlscertgencab validity is still the same. Is this going to cause an issue in the future, since we set Secure Listener to true in nodemanager.properties? If so, what's the fix for this?
2. When listing the keystore /u01/oraclebi/Middleware/wlserver_10.3/server/lib/DemoTrust.jks, we noticed "Alias name: certgenca". We do need this in the new DemoTrust.jks as well.
===== creating new DemoTrust.jks as per DOC ID ==========
keytool -importcert -trustcacerts -alias wlscertgencab -keystore /tmp/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -file /u01/oraclebi/Middleware/wlserver_10.3/server/lib/CertGenCA.der
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
Signature algorithm name: MD5withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
===== list new DemoTrust.jks ==========
keytool -list -v -keystore /tmp/DemoTrust.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: wlscertgencab
Creation date: Aug 31, 2021
Entry type: trustedCertEntry
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxx
SHA1: xxxxx
SHA256: xxxxx
Signature algorithm name: MD5withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
===== list existing DemoTrust.jks ==========
$ keytool -list -v -keystore /u01/oraclebi/Middleware/wlserver_10.3/server/lib/DemoTrust.jks
Alias name: wlscertgencab
Creation date: Jan 24, 2003
Entry type: trustedCertEntry
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
Signature algorithm name: MD5withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
Alias name: certgenca
Creation date: Mar 22, 2002
Entry type: trustedCertEntry
Owner: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: xxxxxx
Valid from: Thu Mar 21 20:12:27 UTC 2002 until: Tue Mar 22 20:12:27 UTC 2022
Certificate fingerprints:
MD5: xxxxxx
SHA1: xxxxxx
SHA256: xxxxxx
MD5withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
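Added example (not part of the original post or of Doc ID 1392455.1): a small audit of `keytool -list -v` output that reports, per alias, how close each trust entry is to its "until" date and whether it is signed with an MD5 or SHA-1 based algorithm. The function names, the 365-day warning window and the UTC date format are assumptions; the sample text is constructed from the values shown in the listings above.

```python
import re
from datetime import datetime, timezone
# Constructed sample: trimmed `keytool -list -v` output with the values from the post.
SAMPLE = """\
Alias name: wlscertgencab
Valid from: Thu Oct 24 15:54:45 UTC 2002 until: Tue Oct 25 15:54:45 UTC 2022
Signature algorithm name: MD5withRSA
Alias name: certgenca
Valid from: Thu Mar 21 20:12:27 UTC 2002 until: Tue Mar 22 20:12:27 UTC 2022
MD5withRSA
"""
DATE_FMT = "%a %b %d %H:%M:%S UTC %Y"  # assumption: keytool prints UTC, as in the post
WEAK_PREFIXES = ("MD5", "SHA1")        # digest families treated as weak here

def parse_entries(text):
    """Return one dict per alias with its notAfter date and signature algorithm."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"Alias name:\s*(\S+)", line):
            cur = {"alias": m.group(1), "not_after": None, "sigalg": None}
            entries.append(cur)
        elif cur is None:
            continue  # header lines before the first entry
        elif m := re.match(r"Valid from: .* until: (.+)$", line):
            end = datetime.strptime(m.group(1), DATE_FMT)
            cur["not_after"] = end.replace(tzinfo=timezone.utc)
        # The label is optional: the certgenca entry in the post shows a bare value.
        elif m := re.match(r"(?:Signature algorithm name:\s*)?(\w+with\w+)$", line):
            cur["sigalg"] = m.group(1)
    return entries

def audit(text, now, warn_days=365):
    """Map alias -> list of findings (expiry status, weak signature)."""
    findings = {}
    for e in parse_entries(text):
        issues = []
        if e["not_after"] is None:
            issues.append("validity not parsed")
        elif (days := (e["not_after"] - now).days) < 0:
            issues.append("expired")
        elif days <= warn_days:
            issues.append(f"expires in {days} days")
        if e["sigalg"] and e["sigalg"].upper().startswith(WEAK_PREFIXES):
            issues.append(f"weak signature {e['sigalg']}")
        findings[e["alias"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2021, 8, 31, tzinfo=timezone.utc)))
```

To check a real keystore, pass the captured text of `keytool -list -v -keystore <path>` to `audit()` in place of `SAMPLE`.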