Verisign Certificate Revoke Issue/ Sign Standalone Forms and Discoverer jar with Self Sign Certificate

Verisign Certificate Revoke/ Sign Standalone Forms and Discoverer jar with Self Sign Certificate

I was trying to get access to Oracle Fusion Middleware(Forms and Discoverer) application link and getting below error

java.security.cert.CertPathValidationException .... It's validity is out of date

It was happening with many companies and clients.

This started causing a lot of issues in Production. I found that the Verisign Certificate was revoked by CA and was not allowed to authenticate.

So I was having 2 options either to change the java control panel setting in the client systems.

or Sign the jars with a new certificate.

Option 1:

Enable below highlighted to check only the publisher certificate and not the chain of the certificate.

But there might be a security lapse when not checking the chain.

so I opted for option 2.

Option 2:

Sign forms and discoverer jar with self-signed certificate.

Login to funweb122(Fusion MIddleware application Server)

1)Forms Jar file location

cd /u01/oracle/Middleware/as_1/forms/java

cd /usr/java/jdk1.7.0_55/jre/lib/security/

2) Set Path

export PATH=/u01/oracle/Middleware/as_1/jdk/bin:$PATH

Just taking backup

appsweb@funweb122: [/u01/oracle/Middleware/as_1/forms/java]

$ cp jacob.jar /oracle/stage/HS

3) file to be used for jar sigining

appsweb@funweb122: [/u01/oracle/Middleware]

/u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh

4) update the sign_webutil file for 

KEYSTORE_PASSWORD=funkeypass

JAR_KEY_PASSWORD=funkeypass

VALIDDAYS=1360

/u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh

5) Manually move old Keystore file

 mv /home/appsweb/.keystore /home/appsweb/.keystore_old16nov2021

6) Command to manually verify jar and certs

appsweb@funweb122: [/u01/oracle/Middleware/as_1/forms/java]

$ jarsigner -verify -certs -verbose frmwebutil.jar

script to do same

 cd /u01/oracle/Middleware/as_1/forms/java

for i in *.jar

do

jarsigner  -verify $i

done

7) Script to sign jars and it will automatically create self sign certificate

 

 cd /u01/oracle/Middleware/as_1/forms/java

 for i in *.jar

do

/u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh $i

done

8)Restart WLS_FORMS from WebLogic Admin console

9) For  discoverer

cd /u01/oracle/Middleware/as_1/discoverer/plus_files

 Copy disco5i.jarjar to /tmp/disco_temp directoy. You can create temporary directory

 unzip disco5i.jarjar

 cp -ip inner.jar inner.jar.old

 sign the inner.jar

  /u01/oracle/Middleware/as_1/jdk/bin/jarsigner -verbose  -digestalg SHA-256 -keystore ~/.keystore -storepass funkeypass -keypass funkeypass -signedjar inner.jar inner.jar.old webutil2

 

 mv disco5i.jarjar disco5i.jarjar.old

 

 zip -r disco5i.jarjar inner.jar 

 copy file to 

 /u01/oracle/Middleware/as_1/discoverer/plus_files

 

 

 Restart the WLS_DISCO

If you like please follow and comment