JKS Keystore and Truststore
A JKS keystore is the default JDK implementation of Java keystores provided by Sun Microsystems. In 11g all Java components and Java EE applications use the JKS-based keystore and truststore.
You use a JKS-based keystore for the following:
Oracle Virtual Directory
Applications deployed on Oracle WebLogic Server, including:
Oracle SOA Suite
Oracle WebCenter
In Oracle Fusion Middleware, you can use GUI or command-line tools to create, import, export, and delete a Java keystore and the certificates contained in the keystore.
Oracle Wallet
An Oracle wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys. You can store Oracle wallets on the file system or in LDAP directories such as Oracle Internet Directory. Oracle wallets can be auto-login or password-protected wallets.
You use an Oracle Wallet for the following components:
Oracle HTTP Server
Oracle Web Cache
Oracle Internet Directory
In Oracle Fusion Middleware, you can use GUI or command-line tools to create, import, export and delete a wallet and the certificates contained in the wallet.
Commands to verify the certificates:
# cd $OA_JRE_TOP/lib/security
# pwd
/t01/erptest/fs2/EBSapps/comn/util/jdk32/jre/lib/security
# keytool -list -keystore $OA_JRE_TOP/lib/security/cacerts
# cd $APPL_TOP_NE/ad/admin
# pwd
/t01/erptest/fs_ne/EBSapps/appl/ad/admin
# keytool -list -v -keystore adkeystore.dat
Below are the steps to migrate the Java certificate into Oracle E-Business Suite 12.2.x.
<JRI_DATA_LOC> = $<fs_ne>/EBSapps/appl/ad/admin
Generate a new keypair (private key and public key)
PATH:/t01/testerp/fs_ne/EBSapps/ad/admin
[applerp@ed-olaplin1 admin]$ adjkey -initialize -keysize 2048 -alias SAMICORP
Copyright (c) 2002, 2012 Oracle Corporation
Redwood Shores, California, USA
AD Java Key Generation
Version 12.2.0
NOTE: You may not use this utility for custom development
unless you have written permission from Oracle Corporation.
Reading product information from file...
Reading language and territory information from file...
Reading language information from applUS.txt ...
Enter the APPS username: apps
Enter the APPS password:
Successfully created javaVersionFile.
adjkey will now create a signing entity for you.
Enter the COMMON NAME [ ] : SAMICORP
Enter the ORGANIZATION NAME [SAMICORP] : SAMICORP
Enter the ORGANIZATION UNIT [ ] : IT
Enter the LOCALITY (or City) [ ] : London
Enter the STATE (or Province or County) [ ] : London
Enter the COUNTRY (two-letter ISO abbreviation) [ ] : UK
Enter keystore password: Re-enter new password: Enter key password for <SAMICORP>
(RETURN if same as keystore password): Re-enter new password:
/t01/erptr11225/fs2/EBSapps/comn/util/jdk32/jre/bin/java -Djava.security.egd=file:/dev/urandom sun.security.tools.KeyTool -genkey -alias SAMICORP -keyalg RSA -keysize 2048 -keystore /t01/erptr11225/fs_ne/EBSapps/appl/ad/admin/adkeystore.dat -validity 14600 -dname " CN=SAMICORP, O= SAMICORP, OU=IT, L=London, S=London, C=AE"
The above Java program completed successfully.
Your digital signature has been created successfully and
imported into the keystore database. This signature
will now be used to sign Applications JAR files whenever
they are patched.
IMPORTANT: If you have multiple web servers, you must copy
files to each of the remaining web servers on your site.
See the documentation reference for more information.
adjkey is complete.
Additional Information
If required, you can view the contents of adkeystore.dat by running the following command:
$ keytool -list -v -keystore adkeystore.dat
Create a Certificate Signing Request
Create a "Certificate Signing Request" (named adkeystore.csr in this example) to send to your CA provider for signing. This will be created using the same alias name from the previous step.
Command to Create a Certificate Signing Request
$ keytool -sigalg SHA256withRSA -certreq -keystore /t01/testerp/fs_ne/EBSapps/appl/ad/admin/adkeystore.dat -file /t01/testerp/fs_ne/EBSapps/appl/ad/admin/adkeystore.csr -alias erpprd_erplxprdap1
Enter keystore password: --> puneet
Enter key password for <SAMICORP> --> myxuan
Now Submit your Certificate Signing Request
Submit your certificate signing request 'adkeystore.csr' to your official certificate authority, for example, Verisign, Thawte etc., or to your own in-house certificate authority as applicable.
Now Import the Root Certificate to the Java Keystore Certificate Store 'cacerts' (if required)
/t01/testerp/fs1/EBSapps/comn/util/jdk32/jre/lib/security
[user@ed-olapplin security]$ keytool -import -alias Root -file Root.cer -trustcacerts -v -keystore cacerts
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing cacerts]
Keystore Password: changeit (default password)
Import the Code Signing Certificate into the Keystore
/t01/testerp/fs_ne/EBSapps/appl/ad/admin
[appluat@erplxprdap1 admin]$ keytool -import -file SAMICORPEBS.cer -trustcacerts -alias erpprd_erplxprdap1 -keystore adkeystore.dat
Enter keystore password: --> puneet (default)
Enter key password for <SAMICORP> --> myxuan
Certificate reply was installed in keystore
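The following added example (not part of the original post and not Oracle's code) checks `keytool -list -v` output to confirm that the signing alias is still a PrivateKeyEntry and is no longer self-signed once the CA reply is installed. The sample listings and the CA names in them are constructed, and audit_alias is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit `keytool -list -v` text for one alias.
# Real use (assumed): keytool -list -v -keystore adkeystore.dat | audit_alias SAMICORP

audit_alias() {   # $1 = alias; keytool output on stdin; prints findings or OK
  awk -v want="$1" '
    /^Alias name: /      { cur = tolower(substr($0, 13)); n = 0 }
    cur != tolower(want) { next }          # ignore every other keystore entry
    /^Entry type: /      { type = $3 }
    /^Owner: /           { if (++n == 1) owner = substr($0, 8) }   # leaf cert only
    /^Issuer: /          { if (n == 1) issuer = substr($0, 9) }
    /Signature algorithm name: / { if (n == 1) sig = $NF }
    END {
      if (type == "") { print "MISSING_ALIAS"; exit }
      if (type != "PrivateKeyEntry") bad = bad " NOT_PRIVATE_KEY"
      if (owner == issuer)           bad = bad " SELF_SIGNED"
      if (sig ~ /^(MD5|SHA1)with/)   bad = bad " WEAK_SIGALG"
      print (bad == "" ? "OK" : substr(bad, 2))
    }'
}

# Constructed sample: state right after adjkey (self-signed key entry).
sample_before() { cat <<'EOF'
Alias name: samicorp
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=SAMICORP, OU=IT, O=SAMICORP, L=London, ST=London, C=AE
Issuer: CN=SAMICORP, OU=IT, O=SAMICORP, L=London, ST=London, C=AE
     Signature algorithm name: SHA1withRSA
EOF
}

# Constructed sample: state after the CA reply is installed (CA names are hypothetical).
sample_after() { cat <<'EOF'
Alias name: samicorp
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=SAMICORP, OU=IT, O=SAMICORP, L=London, ST=London, C=AE
Issuer: CN=Example Code Signing CA, O=Example CA, C=US
     Signature algorithm name: SHA256withRSA
Certificate[2]:
Owner: CN=Example Code Signing CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
     Signature algorithm name: SHA256withRSA
EOF
}

echo "before: $(sample_before | audit_alias SAMICORP)"
echo "after:  $(sample_after  | audit_alias SAMICORP)"
```

If the signed certificate is imported under an alias that does not already hold the private key, keytool stores it as a trustedCertEntry and reports "Certificate was added to keystore" rather than "Certificate reply was installed in keystore"; the check then reports NOT_PRIVATE_KEY for that alias.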
Regenerate the Jar File
Shut down the application services.
Source your APPS env file and shut down your application tier services.
Source your APPS env File
On the application tier, as the file system owner, source your APPS env file.
Shut Down the Application Tier
Shut down the application tier services:
$ adstpall.sh <apps_user>/<apps_pwd>
Regenerate the jar files through adadmin
Regenerate all JAR Files using the force option through adadmin:
Run ADADMIN, and select the following from the AD Administration Main Menu:
Choose Generate Applications Files menu
From this menu choose Generate product JAR files
Enter yes when prompted with: Do you wish to force regeneration of all jar files? [No] ? yes
Once your jar files have been successfully generated, restart the application tier.
Restart the Application Tier
Restart the application tier services:
$ adstrtal.sh <apps_user>/<apps_pwd>
Clear the browser cache and remove the old jar files from the control panel -> Java -> click on General -> click on View -> select all files -> Delete -> Apply and OK.
When you open the Java forms for the first time, you will get the page below. Click on "Do not show" and Run.
Java Forms opened.