How to Update the Certificates Used in the default-keystore.jks to Use a New Signature Algorithm with a Greater Key Size
(Doc ID 2472450.1)
Last updated on JULY 08, 2020
Applies to:Identity Manager - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 11g]
Information in this document applies to any platform.
This document provides the step by step instruction to update the certificates in the default_keystore.jks to use a signature algorithm having a key size greater than 1024.
In the older versions of Oracle Identity Manager, the out of the box default_keystore.jks used internally for the OWSM WS-Policies (which are attached to the callback for OIM approval composites) contains MD5withRSA certificates with a key size of 1024.
Newer JDKs do not accept these certificates. Specifically, starting with JDK 1.6.0_101+, JDK 1.7.0_40+, Or JRockit R28.3.7+
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!