Forum Stats

  • 3,837,808 Users
  • 2,262,300 Discussions


Dubts about Oracle Forms jars with caducated certificates

hetosu Member Posts: 3 Blue Ribbon


I have some jars of oracle forms in a server with the certificates caducated. When I start the application throught URL on browser or using frmsal, no warnings and no errors appear and all work fine. The certificate is expired but the timestamp not. I've read a lot about signning the jars but I don't undertand why seem tha they can work fine with expired certificated.  Could you please show me the truth about it

Thank's a lot!


  • F.Matz
    F.Matz Member Posts: 41 Red Ribbon

    If you have signed the JAR with a valid certificate (write process),

    this JAR remains validly signed within the valid timestamp interval (read process).

  • hetosu
    hetosu Member Posts: 3 Blue Ribbon

    Ok, but I don't understand why the browser admit a file with certificate expired. Is thi normal?

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,299 Employee

    To expand on this. Assuming the use of "timestamp", the certificate used to insert a digital signature into a JAR has an expiration. The digital signature created by that certificate does not expire once it has been created (generally speaking). There is an expiration for "timestamped" signatures, but that time is usually very far into the future and not of concern.

    Think of it as a pen and paper. When you sign your name on paper, your signature is valid through the life of that paper. However, the pen you used to create that signature has an expiration (ink dries up). Just because the ink is no longer good in the pen does not change the fact that the paper already has your signature on it.

    This is a gross oversimplification of how it works, but should help make the process more clear.

    Michael Ferrante

    Senior Principal Product Manager


    Twitter: @OracleFormsPM