My Oracle Support Banner

How to Renew Demo Certification Using Fusion Middleware Control in a Collocated Domain (Doc ID 2955067.1)

Last updated on DECEMBER 05, 2023

Applies to:

Oracle HTTP Server - Version to [Release 12c]
Oracle Fusion Middleware - Version to [Release 12c]
Information in this document applies to any platform.


First of all, Oracle highly recommends that you use third-party Certificate Authority (CA) signed certificates or domain CA signed certificates when you deploy applications to a production environment. By default, any certificates created using the OPSS keystore service in the domain are signed using the demonstration CA. These demonstrations certificates should never be used in a production environment. The private key of the demonstration certificate is available to all installations of WebLogic Server, therefore each installation can generate a demo signed CA certificate using the same key. As a result, you cannot trust these certificates.

Please replace demonstration certificate according to the following document.
Managing Keys and Certificates

This document provides the ways to renew 2 keystores on Oracle Fusion Middleware 12c ( and in a collocated domain using Fusion Middleware Control, one is for OPSS (AdminServer and Nodemanager), another is for Oracle HTTP Server(OHS).



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Update "demoidentity" keystore in "system" stripe which is used by AdminServer and Nodemanager
 Update "<OHS_INSTANCE_NAME>_default" keystore in "OHS" stripe which is used by Oracle HTTP Server (OHS)

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.