How to Export and Import the Product Management Certificate Created from the sign_webutil Script (Doc ID 1596871.1)

Last updated on MAY 31, 2023

Applies to:

Goal

Using later versions of the JRE such as 1.7.0_40 and higher and later versions of 1.6 will result in Security Warning messages related to self-signed code caused by enhanced security verification features enabled in these JRE versions.   Note that earlier JRE  versions allowed the end user to check a check box stating "I accept the risk and want to run this application". A subsequent dialog box  allowed one to check a check box  stating "Do not show this again for apps from the publisher and location above".  Checking this would import the certificate into the JRE and the code would be considered trusted from then on and cause no further security warnings. This can be seen in the Figure 2 and Figure 3 in <Note 1542463.1>.  This import option is no longer allowed in JRE 1.7.0_40 and later.   To avoid these Security Warnings in later JRE versions, one must export the public key for the self signed certificate and import it into the JRE. 

The goal of this note is to show how the public key can be exported and imported into the JRE certificate store. Two solutions are offered.  The first shows how it can be done if the certificate is already in the Trusted Certificates section of the JRE which may occur if the JRE has been upgraded from an earlier version.  The second shows  how to export the public key from the self signed certificate created from the sign_webutil.sh(bat) courtesy script and manually import it into the JRE. 

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.