How to Update the Certificates Used in the default-keystore.jks to Use a New Signature Algorithm with a Greater Key Size (Doc ID 2472450.1)

Last updated on JULY 08, 2020

Applies to:

Identity Manager - Version 11.1.2.1.0 to 11.1.2.3.0 [Release 11g]
Information in this document applies to any platform.

Goal

This document provides step-by-step instructions for updating the certificates in default-keystore.jks to use a signature algorithm with a key size greater than 1024.

In older versions of Oracle Identity Manager, the out-of-the-box default-keystore.jks, used internally for the OWSM WS-Policies (which are attached to the callback for OIM approval composites), contains MD5withRSA certificates with a key size of 1024.
Newer JDKs do not accept these certificates, specifically JDK 1.6.0_101+, JDK 1.7.0_40+, or JRockit R28.3.7+.
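To find which keystore entries are affected before changing anything, the verbose listing from `keytool -list -v` can be filtered for MD5-based signatures and RSA keys of 1024 bits or fewer. The following is an added example, not part of the Oracle document: the function names and the sample aliases are hypothetical, the sample listing is constructed, and the key-size check assumes a keytool version that prints the `Subject Public Key Algorithm` line.

```shell
#!/bin/sh
# Added example (not Oracle's code): flag certificates in `keytool -list -v`
# output that are signed with an MD5-based algorithm or carry an RSA key of
# 1024 bits or fewer. Reads the listing on stdin, prints one line per finding.
#
# Real use (prompts for the keystore password):
#   keytool -list -v -keystore default-keystore.jks | weak_certs

weak_certs() {
    awk '
        # Remember the alias the following certificate lines belong to.
        /^Alias name: / { alias = substr($0, 13) }

        # Example line: "Signature algorithm name: MD5withRSA"
        /^Signature algorithm name: / {
            if ($4 ~ /^MD5/) print alias ": signature " $4
        }

        # Example line: "Subject Public Key Algorithm: 1024-bit RSA key"
        # (assumption: older keytool builds may not print this line at all)
        /^Subject Public Key Algorithm: / {
            bits = $5
            sub(/-bit$/, "", bits)
            if ($6 == "RSA" && bits + 0 > 0 && bits + 0 <= 1024)
                print alias ": key " bits "-bit"
        }
    '
}

# Constructed sample listing: one weak entry, one acceptable entry.
sample_keytool_output() {
    cat <<'EOF'
Keystore type: JKS

Alias name: alias-a
Entry type: PrivateKeyEntry
Owner: CN=Example A
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: alias-b
Entry type: PrivateKeyEntry
Owner: CN=Example B
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_keytool_output | weak_certs
```

An entry with a certificate chain is reported once per certificate in the chain, all under the same alias.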

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.