I am intending to upgrade my client side to JRE 1.8 which as you probably know, has changed its security model, such that you now have to use a digital certificate with E-Business Suite ( in my case 18.104.22.168 ). Per note 1591073.1, you therefore have to either use a Commercial Digital Certificate or follow your own in-House Certificate arrangement.
I am attempting to use a Certificate from my own In-House CA. My structure is that I have a Root Certificate and an Intermediate Certificate as part of my Chain. I have now been issued a Code Signing Certificate to sign my E-Business JAR files with.
So per note 1591073.1 I have -
Per Step 4.4.2, I have imported the In-House Root Certificate into CACERTS using
keytool –import –alias cap_rootcert -file bel-rootca.cer -trustcacerts –v –keystore cacerts
keytool -list -keystore cacerts
Shows the cap_rootcert
Per Step 4.5.2 I have imported the Intermediate Certificate into keystore adkeystore.dat
keytool -import -alias cap_intermed -file CAChainDER.cer -trustcacerts -v -keystore adkeystore.dat
keytool -list -keystore adkeystore.dat
Shows the cap_intemed certificate
Per Step 4.5.3 I am trying to import the Code Signing Certificate into adkeystore.dat
adjkey –import –file CertChain.p7b –trustcacerts
However I am getting the error :
Successfully created javaVersionFile.
alias name used is CAP_keys
Enter keystore password: Enter key password for <CAP_keys>:
Top-level certificate in reply:
Serial number: 1030f621a624ba8d46570fd410371058
Valid from: 16/01/15 11:12 until: 16/01/35 11:22
... is not trusted. Install reply anyway? [no]: keytool error (likely untranslated): java.lang.IllegalArgumentException
keytool -import -file CertChain.p7b -trustcacerts -keystore /applmgr/cap/capappl/admin/adkeystore.dat -alias CAP_keys
Any advice or assistance, greatly appreciated,
please provide CertChain.p7b and adkeystore.dat files for further investigation.