
Oracle Access Manager (OAM) Can The SIMPLE Mode Certificates Be Removed From The ".oamkeystore" (Doc ID 3006416.1)

Last updated on FEBRUARY 24, 2024

Applies to:

Oracle Access Manager - Version 11.1.2.3.210611 and later
Information in this document applies to any platform.

Goal

The environment was moved from SIMPLE Mode to CERT Mode Oracle Access Protocol (OAP) communication.

Listing the contents of the .oamkeystore shows that the SIMPLE Mode certificates are still present.

Command Output

keytool -list -keystore <DOMAIN_HOME>/user_projects/domains/<DOMAIN_NAME>/config/fmwconfig/.oamkeystore -storetype JCEKS -v | grep -A 20 oam.simple.cert

Provide the password and see the following ...

***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************

Alias name: oam.simple.cert.sha256
Creation date: Sep 29, 2019
Entry type: trustedCertEntry

Owner: CN=oam.simple.ca
Issuer: CN=NetPoint Simple Security CA - Not for General Use, OU=NetPoint, O="Oblix, Inc.", L=Cupertino, ST=California, C=US
Serial number: a
Valid from: Sun Sep 29 13:47:10 GMT 2019 until: Fri Mar 22 13:47:10 GMT 2024
Certificate fingerprints:
MD5: 80:C6:A8:14:CA:68:88:4A:22:CE:08:A2:75:77:60:22
SHA1: 20:F0:93:84:E3:EF:9B:E0:FF:93:51:01:E8:A4:8D:BB:5A:76:D6:92
SHA256: 07:6F:CC:02:2C:86:19:26:B1:F2:6E:D1:30:8B:52:88:E3:CD:5E:36:31:47:CC:F4:DC:A7:67:FD:44:29:ED:36
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 1

*******************************************
*******************************************

--
Alias name: oam.simple.cert.keyalias.sha256
Creation date: Sep 29, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=oam.simple.ca
Issuer: CN=NetPoint Simple Security CA - Not for General Use, OU=NetPoint, O="Oblix, Inc.", L=Cupertino, ST=California, C=US
Serial number: a
Valid from: Sun Sep 29 13:47:10 GMT 2019 until: Fri Mar 22 13:47:10 GMT 2024
Certificate fingerprints:
MD5: 80:C6:A8:14:CA:68:88:4A:22:CE:08:A2:75:77:60:22
SHA1: 20:F0:93:84:E3:EF:9B:E0:FF:93:51:01:E8:A4:8D:BB:5A:76:D6:92
SHA256: 07:6F:CC:02:2C:86:19:26:B1:F2:6E:D1:30:8B:52:88:E3:CD:5E:36:31:47:CC:F4:DC:A7:67:FD:44:29:ED:36
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 1
Certificate[2]:
Owner: CN=NetPoint Simple Security CA - Not for General Use, OU=NetPoint, O="Oblix, Inc.", L=Cupertino, ST=California, C=US
Issuer: CN=NetPoint Simple Security CA - Not for General Use, OU=NetPoint, O="Oblix, Inc.", L=Cupertino, ST=California, C=US
Serial number: 0
Valid from: Wed Apr 01 12:57:22 GMT 2009 until: Thu Mar 28 12:57:22 GMT 2024

Warning:
The JCEKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore <DOMAIN_HOME>/user_projects/domains/<DOMAIN_HOME>/config/fmwconfig/.oamkeystore -destkeystore <DOMAIN_HOME>/user_projects/domains/<DOMAIN_HOME>/config/fmwconfig/.oamkeystore -deststoretype pkcs12".

Can the SIMPLE Mode Certificates be removed from the ".oamkeystore"?

If the SIMPLE Mode Certificates cannot be removed from the ".oamkeystore", are there any known issues that will occur when the certificates' expiry date is reached, even if CERT Mode Oracle Access Protocol (OAP) communication is being used?
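
An added example, not part of the Oracle document: Python that parses "keytool -list -v" output such as the listing above and reports how close each certificate, including every member of a PrivateKeyEntry chain, is to its "until" date. The function names, the 90-day warning window and the GMT/UTC-only date handling are assumptions of this example.

```python
import re
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
UNTIL = re.compile(r"until: \w{3} (\w{3}) (\d{1,2}) (\d\d):(\d\d):(\d\d) (\S+) (\d{4})")

def parse_listing(text):
    """Parse `keytool -list -v` text into entries with each certificate's end date."""
    entries, entry = [], {"certs": []}  # placeholder absorbs lines before the first alias
    for raw in text.splitlines():
        key, _, value = (s.strip() for s in raw.partition(":"))
        if key == "Alias name":
            entries.append(entry := {"alias": value, "type": None, "certs": []})
        elif key == "Entry type":
            entry["type"] = value
        elif key == "Owner":  # one Owner line per certificate, including chain members
            entry["certs"].append({"owner": value, "not_after": None})
        elif key == "Valid from" and entry["certs"]:
            m = UNTIL.search(raw)
            if not m or m.group(6) not in ("GMT", "UTC"):  # assumption: JVM prints GMT/UTC
                raise ValueError("unsupported validity line: " + raw.strip())
            mon, day, hh, mm, ss, _, year = m.groups()
            entry["certs"][-1]["not_after"] = datetime(int(year), MONTHS.index(mon) + 1,
                *map(int, (day, hh, mm, ss)), tzinfo=timezone.utc)
    return entries

def expiry_report(entries, now, warn_days=90):
    """Yield (alias, entry type, chain position, status) for every certificate."""
    for e in entries:
        for pos, cert in enumerate(e["certs"], 1):
            days_left = (cert["not_after"] - now).days  # negative once the date has passed
            status = "EXPIRED" if days_left < 0 else "EXPIRING" if days_left < warn_days else "OK"
            yield (e["alias"], e["type"], pos, status)

# Abridged from the listing on this page (issuer, serial and fingerprint lines omitted).
SAMPLE = """\
Alias name: oam.simple.cert.sha256
Entry type: trustedCertEntry
Owner: CN=oam.simple.ca
Valid from: Sun Sep 29 13:47:10 GMT 2019 until: Fri Mar 22 13:47:10 GMT 2024
Alias name: oam.simple.cert.keyalias.sha256
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=oam.simple.ca
Valid from: Sun Sep 29 13:47:10 GMT 2019 until: Fri Mar 22 13:47:10 GMT 2024
Certificate[2]:
Owner: CN=NetPoint Simple Security CA - Not for General Use, OU=NetPoint, O="Oblix, Inc.", L=Cupertino, ST=California, C=US
Valid from: Wed Apr 01 12:57:22 GMT 2009 until: Thu Mar 28 12:57:22 GMT 2024
"""
```

Feed it the full keytool output without the grep filter so that chain members beyond the 20-line window are not cut off; a report of EXPIRED or EXPIRING says only where each date stands, not whether the entry is still in use.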

 

Solution
