1 Reply Latest reply on Dec 25, 2015 2:52 PM by Theodor Coman - Oracle

    Creating an In-House Code Signing environment

    Jimbo

      Hi,

       

      I am intending to upgrade my client side to JRE 1.8 which, as you probably know, has changed its security model such that you now have to use a digital certificate with E-Business Suite (in my case 11.5.10.2). Per note 1591073.1, you therefore have to either use a Commercial Digital Certificate or follow your own In-House Certificate arrangement.

       

      I am attempting to use a Certificate from my own In-House CA. My structure is that I have a Root Certificate and an Intermediate Certificate as part of my Chain. I have now been issued a Code Signing Certificate to sign my E-Business JAR files with.

       

      So per note 1591073.1 I have -

       

      Per Step 4.4.2, I have imported the In-House Root Certificate into CACERTS using

      keytool -import -alias cap_rootcert -file bel-rootca.cer -trustcacerts -v -keystore cacerts

       

      keytool -list -keystore cacerts

      Shows the cap_rootcert

       

      Per Step 4.5.2 I have imported the Intermediate Certificate into keystore adkeystore.dat

      keytool -import -alias cap_intermed -file CAChainDER.cer -trustcacerts -v -keystore adkeystore.dat

       

      keytool -list -keystore adkeystore.dat

      Shows the cap_intermed certificate

       

      Per Step 4.5.3 I am trying to import the Code Signing Certificate into adkeystore.dat

      adjkey -import -file CertChain.p7b -trustcacerts

       

      However I am getting the error :

       

      Successfully created javaVersionFile.

      alias name used is CAP_keys

      Enter keystore password:  Enter key password for <CAP_keys>:

      Top-level certificate in reply:

       

      Owner: CN=CAP-SVRROOTCA-CA

      Issuer: CN=BEL-SVRROOTCA-CA

      Serial number: 1030f621a624ba8d46570fd410371058

      Valid from: 16/01/15 11:12 until: 16/01/35 11:22

      Certificate fingerprints:

               MD5:  15:21:1B:3B:F2:EE:7A:D7:4C:C2:C2:BC:F6:63:2E:93

               SHA1: BC:FB:61:C0:9C:C6:EA:C9:D6:E3:C4:6E:B6:AF:4B:D1:FC:61:1B:78

       

      ... is not trusted. Install reply anyway? [no]:  keytool error (likely untranslated): java.lang.IllegalArgumentException

       

      adjkey error:

       

      keytool -import -file CertChain.p7b -trustcacerts -keystore /applmgr/cap/capappl/admin/adkeystore.dat -alias CAP_keys

       

      Any advice or assistance, greatly appreciated,

      Jim
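
Added example, not part of the original post or of Oracle's note: a Python helper that reads keytool-style Owner/Issuer listings (such as the certificates inside a PKCS#7 reply), orders the chain leaf-first, and reports whether its top certificate links by name to an entry you list as trusted. The leaf name and the trusted list are constructed assumptions, and the check compares names only; it does not verify signatures or validity dates.

```python
import re

# Constructed sample in the Owner/Issuer layout keytool prints. The two CA
# names are the ones shown in the post; the leaf name is hypothetical.
SAMPLE_REPLY = """\
Owner: CN=Example Code Signing
Issuer: CN=CAP-SVRROOTCA-CA
Owner: CN=CAP-SVRROOTCA-CA
Issuer: CN=BEL-SVRROOTCA-CA
"""

def norm(dn):
    """Normalise a DN for comparison: trim, tighten commas, lower-case."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def parse_certs(text):
    """Return [(owner, issuer), ...] from keytool-style listing text."""
    owners = re.findall(r"^\s*Owner:\s*(.+)$", text, re.M)
    issuers = re.findall(r"^\s*Issuer:\s*(.+)$", text, re.M)
    if len(owners) != len(issuers):
        raise ValueError("unpaired Owner/Issuer lines")
    return [(o.strip(), i.strip()) for o, i in zip(owners, issuers)]

def order_chain(certs):
    """Order certificates leaf-first by following issuer -> owner names."""
    by_owner = {norm(o): (o, i) for o, i in certs}
    issuers = {norm(i) for o, i in certs if norm(o) != norm(i)}
    leaves = [c for c in certs if norm(c[0]) not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one leaf certificate")
    chain, seen = [leaves[0]], {norm(leaves[0][0])}
    while True:
        nxt = by_owner.get(norm(chain[-1][1]))
        if nxt is None or norm(nxt[0]) in seen:  # issuer absent or self-signed
            return chain
        chain.append(nxt)
        seen.add(norm(nxt[0]))

def trust_report(reply_text, trusted_owners):
    """Name-only check: does the reply's top certificate reach a trusted entry?"""
    chain = order_chain(parse_certs(reply_text))
    top_owner, top_issuer = chain[-1]
    trusted = {norm(t) for t in trusted_owners}
    return {
        "chain": [o for o, _ in chain],
        "top_owner": top_owner,
        "needs_issuer": None if norm(top_owner) == norm(top_issuer) else top_issuer,
        "anchored": norm(top_owner) in trusted or norm(top_issuer) in trusted,
    }
```

Feed it the Owner/Issuer lines for the reply file and the Owner values of the entries in the keystore being consulted; `needs_issuer` names the certificate that would have to be present for the top of the reply to chain further.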