Signed Certificates Error "security.validator.ValidatorException: Extended key usage does not permit use for code signing" (Doc ID 2205511.1)

Last updated on APRIL 05, 2017

Applies to:

Oracle Utilities Network Management System - Version 1.12.0.3 and later
Oracle Network Management for Utilities - DMS - Version 1.12.0.3 and later
Information in this document applies to any platform.

Symptoms

On : 1.12.0.3, Installation

When launching any NMS application, this error appears in the java console:

sun.security.validator.ValidatorException: Extended key usage does not permit use for code signing
    at sun.security.validator.EndEntityChecker.checkCodeSigning(Unknown Source)
    at sun.security.validator.EndEntityChecker.check(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
    at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
    at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
 

Changes

Possible recent changes:
1. The applications were issued a new set of signed certificates.
2. The certificates was signed using SHA-2 (previously it was done using SHA-1).

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms