1 Reply Latest reply on Dec 25, 2015 2:52 PM by Theodor Coman - Oracle

    Creating an In-House Code Signing environment




      I am intending to upgrade my client side to JRE 1.8 which as you probably know, has changed its security model, such that you now have to use a digital certificate with E-Business Suite ( in my case ). Per note 1591073.1, you therefore have to either use a Commercial Digital Certificate or follow your own in-House Certificate arrangement.


      I am attempting to use a Certificate from my own In-House CA. My structure is that I have a Root Certificate and an Intermediate Certificate as part of my Chain. I have now been issued a Code Signing Certificate to sign my E-Business JAR files with.


      So per note 1591073.1 I have -


      Per Step 4.4.2, I have imported the In-House Root Certificate into CACERTS using

      keytool –import –alias cap_rootcert -file bel-rootca.cer -trustcacerts –v –keystore cacerts


      keytool -list -keystore cacerts

      Shows the cap_rootcert


      Per Step 4.5.2 I have imported the Intermediate Certificate into keystore adkeystore.dat

      keytool -import -alias cap_intermed -file CAChainDER.cer -trustcacerts -v -keystore adkeystore.dat


      keytool -list -keystore adkeystore.dat

      Shows the cap_intemed certificate


      Per Step 4.5.3 I am trying to import the Code Signing Certificate into adkeystore.dat

      adjkey –import –file CertChain.p7b –trustcacerts


      However I am getting the error :


      Successfully created javaVersionFile.

      alias name used is CAP_keys

      Enter keystore password:  Enter key password for <CAP_keys>:

      Top-level certificate in reply:




      Serial number: 1030f621a624ba8d46570fd410371058

      Valid from: 16/01/15 11:12 until: 16/01/35 11:22

      Certificate fingerprints:

               MD5:  15:21:1B:3B:F2:EE:7A:D7:4C:C2:C2:BC:F6:63:2E:93

               SHA1: BC:FB:61:C0:9C:C6:EA:C9:D6:E3:C4:6E:B6:AF:4B:D1:FC:61:1B:78


      ... is not trusted. Install reply anyway? [no]:  keytool error (likely untranslated): java.lang.IllegalArgumentException


      adjkey error:


      keytool -import -file CertChain.p7b -trustcacerts -keystore /applmgr/cap/capappl/admin/adkeystore.dat -alias CAP_keys


      Any advice or assistance, greatly appreciated,