
Jar File Code Signing Changes Related to JRE 1.7.0_21 or Higher and the Impact on Oracle Forms Related Self-Signed Jar Files (sign_webutil.sh or sign_webutil.bat) (Doc ID 1542463.1)

Last updated on FEBRUARY 14, 2023

Applies to:

Oracle Forms - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Purpose

Note: The information in this note is correct. However, the following information is more recent.

For information on acquiring the latest Oracle-supplied Forms jar files, see <Note 2258010.1> and <Note 2354506.1>.

For information on signing custom jar files (Forms or other products), see <Note 2065434.1>.

 

The purpose of this document is to explain what impact the upcoming Java Applet jar file signing changes will have on Oracle Forms users.

Beginning with the April 2013 Java release, customers are encouraged to begin signing applet jar files with trusted certificates from a trusted certificate authority*. Self-signed and unsigned jars will result in additional dialogs and/or clicks in order to launch the application. Customers are encouraged to obtain trusted certificates for any client jar files used in their applications.

*Note that for the discussion in this note, a trusted certificate authority is one whose public key portion of the certificate is contained in the JRE certificate store. These can be seen in the JRE Java Control Panel as depicted in the following image:



Figure 1

At a minimum, jars should be self-signed, although using a trusted authority is recommended and encouraged.

These changes will be included in the April 2013 Critical Patch Update (CPU) release.

Questions and Answers



In this Document
Purpose
Questions and Answers
 Will all my Forms be affected?
 Will my existing Forms still function after these changes if I use self-signed jar files?
 What CPU changes will implement these new security features?
 How can I avoid the additional dialogs and/or clicks that will now be required for end users of Forms applications?
 Will signing my jar files with the Oracle provided sign_webutil.sh/bat script prevent the additional dialogs and/or clicks that JRE 1.7.0_21 and higher will now require?
 If I use no jar files other than the Oracle Forms supplied jar files installed in the ORACLE_HOME/forms/java directory, such as frmall.jar, frmwebutil.jar, etc., will I be affected?
 Is it possible that more stringent requirements - such as not allowing unsigned or untrusted code to run - will be implemented in future JRE versions?
 What are the steps to sign my jar files with a trusted certificate?
 Where can I get more information about the Security Dialogs in JRE 1.7.0_21 and what they mean?
 Where can I find more information about Java Security in general?
References
