Import the Jar Signing Certificate for Oracle E-Business Suite


Import the Jar Signing Certificate for Oracle E-Business Suite

Reference: Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)





Step 1: Generate Keypair and Certificate Signing Request

bash:~$  cd $NE_BASE/EBSapps/appl/ad/admin
bash:~$ adjkey -initialize -keysize 2048 -alias nizamappsdba

                     Copyright (c) 2002, 2012 Oracle Corporation
                        Redwood Shores, California, USA

                             AD Java Key Generation

                                 Version 12.2.0

NOTE: You may not use this utility for custom development
      unless you have written permission from Oracle Corporation.

Reading product information from file...

Reading language and territory information from file...

Reading language information from applUS.txt ...

Enter the APPS username: apps

Enter the APPS password:

Successfully created javaVersionFile.

adjkey will now create a signing entity for you.

Enter the COMMON NAME [ ] : nizamappsdba.blogspot.com

Enter the ORGANIZATION NAME [nizamappsdba.blogspot.com] : Nizam Blog for Oracle Apps DBA

Enter the ORGANIZATION UNIT [ ] : Nizam

Enter the LOCALITY (or City) [ ] : Wandoor

Enter the STATE (or Province or County) [ ] : Kerala

Enter the COUNTRY (two-letter ISO abbreviation) [ ] :  IND
Enter keystore password:  Re-enter new password: Enter key password for <nizamappsdba>
        (RETURN if same as keystore password):  Re-enter new password:
/erp_appl/HRDPRE/PREPROD/fs1/EBSapps/comn/util/jdk/jre/bin/java sun.security.tools.KeyTool -genkey -alias nizamappsdba -keyalg RSA -keysize  2048 -keystore /erp_appl/HRDPRE/PREPROD/fs_ne/EBSapp                                                   s/appl/ad/admin/adkeystore.dat -validity 14600 -dname " CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=NIZAM, L=Wandoor, S=Kerala, C=IND"

The above Java program completed successfully.
Your digital signature has been created successfully and
imported into the keystore database. This signature
will now be used to sign Applications JAR files whenever
they are patched.

  IMPORTANT: If you have multiple web servers, you must copy
  files to each of the remaining web servers on your site.
  See the documentation reference for more information.


adjkey is complete.

bash:~$



You do not need to enter a new password for the keystore, as it will take the default. Use below code to see the passwords: SQL> set serveroutput on SQL> declare spass varchar2(30); kpass varchar2(30); begin ad_jar.get_jripasswords(spass, kpass); dbms_output.put_line(spass); dbms_output.put_line(kpass); end; / puneet <== default password for keystore myxuan <== default password for the key
Step 2: Create a Certificate Signing Request

bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -sigalg SHA256withRSA -certreq -keystore adkeystore.dat -file adkeystore.csr -alias nizamappsdba
Enter keystore password:
Enter key password for <nisamappsdba>
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$


Step 3: List the Certificate Request content

bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -list -v -keystore adkeystore.dat
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: nizamappsdba
Creation date: Dec 1, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=Nizam, L=Wandoor, ST=Kerala, C=IND
Issuer: CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=Nizam, L=Wandoor, ST=Kerala, C=IND
Serial number: 7cf6666d
Valid from: Sat Dec 01 12:15:23 GST 2018 until: Thu Nov 21 12:15:23 GST 2058


Step 4: Import your Certificate(s)

bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ cp nizamappsdba.p7b adkeystore.crt

applpre@au1620:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -import -file adkeystore.crt -trustcacerts -alias nizamappsdba -keystore adkeystore.dat
Enter keystore password:
Enter key password for <nizamappsdba>
Certificate reply was installed in keystore
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$



Step 5: Regenerate the Jar Files using adadmin utility
Step 6: Stop the application services adstopall.sh
Step 7: Regenerate Jar files using force option using adadmin utility
Step 8: Start the application services using adstrall.sh

appsdbahelp

17+ years of experience in Oracle Database, Oracle Cloud Infrastructure(OCI), Oracle EBS on Cloud, Oracle E-Business Suite, DevOps tools, Oracle WebLogic, Oracle Application Server, Oracle Access Manager and various Operating System flavors including Redhat Linux, UNIX (Solaris, HP-UX) and Windows. Expert in Oracle9i/10g/11g/12c/19c database administration, upgrade, configuration and tuning. Experience in Oracle E-Business Suite technological stack, including architecture, installation, configuration, maintenance, tuning, cloning and patching procedures. Expert in Oracle Cloud Infrastructure(OCI), Oracle EBS On Cloud and Oracle EBS Cloud Manager Experience with Oracle Cloud Solution and Expert of Oracle ERP/Oracle HCM Cloud deployment Experience in Terraform, JSON and chef cloud infrastructure automation framework Knowledge of ASM, Data Guard, Real Application Cluster, Exadata and Exalogic Knowledge of Oracle Enterprise Manager(OEM) Grid Control, Oracle WebLogic, Oracle Internet Directory, Oracle Access Manager and Apache Ability to analyze problem, develops solutions and bring program/project execution to completion.

Post a Comment

Previous Post Next Post