Import the Jar Signing Certificate for Oracle E-Business Suite
Reference: Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)
Step 1: Generate Keypair and Certificate Signing Request
bash:~$ cd $NE_BASE/EBSapps/appl/ad/admin
bash:~$ adjkey -initialize -keysize 2048 -alias nizamappsdba
Copyright (c) 2002, 2012 Oracle Corporation
Redwood Shores, California, USA
AD Java Key Generation
Version 12.2.0
NOTE: You may not use this utility for custom development
unless you have written permission from Oracle Corporation.
Reading product information from file...
Reading language and territory information from file...
Reading language information from applUS.txt ...
Enter the APPS username: apps
Enter the APPS password:
Successfully created javaVersionFile.
adjkey will now create a signing entity for you.
Enter the COMMON NAME [ ] : nizamappsdba.blogspot.com
Enter the ORGANIZATION NAME [nizamappsdba.blogspot.com] : Nizam Blog for Oracle Apps DBA
Enter the ORGANIZATION UNIT [ ] : Nizam
Enter the LOCALITY (or City) [ ] : Wandoor
Enter the STATE (or Province or County) [ ] : Kerala
Enter the COUNTRY (two-letter ISO abbreviation) [ ] : IND
Enter keystore password: Re-enter new password: Enter key password for <nizamappsdba>
(RETURN if same as keystore password): Re-enter new password:
/erp_appl/HRDPRE/PREPROD/fs1/EBSapps/comn/util/jdk/jre/bin/java sun.security.tools.KeyTool -genkey -alias nizamappsdba -keyalg RSA -keysize 2048 -keystore /erp_appl/HRDPRE/PREPROD/fs_ne/EBSapp s/appl/ad/admin/adkeystore.dat -validity 14600 -dname " CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=NIZAM, L=Wandoor, S=Kerala, C=IND"
The above Java program completed successfully.
Your digital signature has been created successfully and
imported into the keystore database. This signature
will now be used to sign Applications JAR files whenever
they are patched.
IMPORTANT: If you have multiple web servers, you must copy
files to each of the remaining web servers on your site.
See the documentation reference for more information.
adjkey is complete.
bash:~$
You do not need to enter a new password for the keystore, as it will take the default. Use below code to see the passwords: SQL> set serveroutput on SQL> declare spass varchar2(30); kpass varchar2(30); begin ad_jar.get_jripasswords(spass, kpass); dbms_output.put_line(spass); dbms_output.put_line(kpass); end; / puneet <== default password for keystore myxuan <== default password for the key
Step 2: Create a Certificate Signing Request
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -sigalg SHA256withRSA -certreq -keystore adkeystore.dat -file adkeystore.csr -alias nizamappsdba
Enter keystore password:
Enter key password for <nisamappsdba>
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$
Step 3: List the Certificate Request content
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -list -v -keystore adkeystore.dat
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nizamappsdba
Creation date: Dec 1, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=Nizam, L=Wandoor, ST=Kerala, C=IND
Issuer: CN=nizamappsdba.blogspot.com, O=Nizam Blog for Oracle Apps DBA, OU=Nizam, L=Wandoor, ST=Kerala, C=IND
Serial number: 7cf6666d
Valid from: Sat Dec 01 12:15:23 GST 2018 until: Thu Nov 21 12:15:23 GST 2058
Step 4: Import your Certificate(s)
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ cp nizamappsdba.p7b adkeystore.crt
applpre@au1620:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$ keytool -import -file adkeystore.crt -trustcacerts -alias nizamappsdba -keystore adkeystore.dat
Enter keystore password:
Enter key password for <nizamappsdba>
Certificate reply was installed in keystore
bash:/erp_appl/HRDPRE/PREPROD/fs_ne/EBSapps/appl/ad/admin$
Step 5: Regenerate the Jar Files using adadmin utility
Step 6: Stop the application services adstopall.sh
Step 7: Regenerate Jar files using force option using adadmin utility
Step 8: Start the application services using adstrall.sh