Verisign Certificate Revoked: Sign Standalone Forms and Discoverer Jars with a Self-Signed Certificate



I was trying to access the Oracle Fusion Middleware (Forms and Discoverer) application link and was getting the error below:
java.security.cert.CertPathValidationException .... It's validity is out of date

It was happening with many companies and clients.



This started causing a lot of issues in Production. I found that the Verisign certificate was revoked by the CA and was not allowed to authenticate.

So I had two options: either change the Java Control Panel setting on the client systems, or sign the jars with a new certificate.

Option 1:

In the Java Control Panel, enable the setting that checks only the publisher certificate and not the certificate chain.

But there might be a security lapse when the chain is not checked, so I opted for option 2.

Option 2:

Sign the Forms and Discoverer jars with a self-signed certificate.


Log in to funweb122 (Fusion Middleware application server).

1) Forms jar file location

cd /u01/oracle/Middleware/as_1/forms/java

cd /usr/java/jdk1.7.0_55/jre/lib/security/

2) Set Path
export PATH=/u01/oracle/Middleware/as_1/jdk/bin:$PATH

Take a backup first:
appsweb@funweb122: [/u01/oracle/Middleware/as_1/forms/java]
$ cp jacob.jar /oracle/stage/HS


3) File to be used for jar signing
appsweb@funweb122: [/u01/oracle/Middleware]
/u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh


4) Update the following values in the sign_webutil.sh file

KEYSTORE_PASSWORD=funkeypass
JAR_KEY_PASSWORD=funkeypass
VALIDDAYS=1360
/u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh


5) Manually move old Keystore file

 mv /home/appsweb/.keystore /home/appsweb/.keystore_old16nov2021

6) Command to manually verify jar and certs

appsweb@funweb122: [/u01/oracle/Middleware/as_1/forms/java]
$ jarsigner -verify -certs -verbose frmwebutil.jar

Script to do the same for every jar:
cd /u01/oracle/Middleware/as_1/forms/java
for i in *.jar
do
  jarsigner -verify "$i"
done

7) Script to sign the jars; it automatically creates the self-signed certificate

cd /u01/oracle/Middleware/as_1/forms/java
for i in *.jar
do
  /u01/oracle/Middleware/asinst_infrt/bin/sign_webutil.sh "$i"
done

8) Restart WLS_FORMS from the WebLogic Admin console



9) For Discoverer

cd /u01/oracle/Middleware/as_1/discoverer/plus_files

Copy disco5i.jarjar to the /tmp/disco_temp directory (you can create this temporary directory), then unpack it and keep a copy of the original inner.jar:
unzip disco5i.jarjar
cp -ip inner.jar inner.jar.old

Sign inner.jar:
/u01/oracle/Middleware/as_1/jdk/bin/jarsigner -verbose -digestalg SHA-256 -keystore ~/.keystore -storepass funkeypass -keypass funkeypass -signedjar inner.jar inner.jar.old webutil2

Rebuild the archive:
mv disco5i.jarjar disco5i.jarjar.old
zip -r disco5i.jarjar inner.jar

Copy the new file to
/u01/oracle/Middleware/as_1/discoverer/plus_files

Restart WLS_DISCO
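
The verification loop from step 6 prints jarsigner's messages without naming the jar, so an unsigned or expired jar is easy to miss after re-signing in steps 7 and 9. The script below is an added example, not part of the original post or of Oracle's tooling: it labels each jar and exits non-zero if any jar is unsigned or expired. The function names and status words are hypothetical, and the matched message fragments assume jarsigner's English output, whose wording varies between JDK releases.

```shell
#!/bin/sh
# Added example (not from the original post): per-jar signature audit.
# Assumption: the message fragments matched below follow jarsigner's
# English output; exact wording differs between JDK releases.

# Reads `jarsigner -verify` output on stdin and prints one status word.
classify_jarsigner_output() (
    out=$(cat)
    case "$out" in
        *"jar is unsigned"*)         echo UNSIGNED ;;
        *"certificate has expired"*) echo EXPIRED ;;
        *"will expire within"*)      echo EXPIRING ;;
        *"is self-signed"*|*"chain is not validated"*)
                                     echo UNTRUSTED ;;  # expected after self-signing
        *"jar verified"*)            echo VERIFIED ;;
        *)                           echo UNKNOWN ;;
    esac
)

# audit_jars DIR: prints "<STATUS> <jar>" for every jar in DIR and fails
# if any jar is unsigned, expired, or produced unrecognised output.
audit_jars() (
    rc=0
    for jar in "$1"/*.jar; do
        [ -e "$jar" ] || continue      # directory contains no jars
        status=$(jarsigner -verify "$jar" 2>&1 | classify_jarsigner_output)
        printf '%-10s %s\n' "$status" "$jar"
        case "$status" in
            VERIFIED|UNTRUSTED|EXPIRING) ;;
            *) rc=1 ;;
        esac
    done
    exit "$rc"
)

# Audit a directory only when one is passed on the command line, e.g.
#   sh audit_jars.sh /u01/oracle/Middleware/as_1/forms/java
if [ "$#" -gt 0 ]; then
    audit_jars "$1"
fi
```

Jars signed with the self-signed certificate are reported as UNTRUSTED and still pass, since that is the expected result of option 2.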



