Oracle Security Service (OSS) Patch Removes MD5 - Steps to Evaluate and Update SSL Wallet for FMW 11.1.1.9 (Doc ID 2572809.1)

Last updated on APRIL 09, 2024

Applies to:

Goal

When following Critical Patch Update recommendations to apply <Patch 27047184> OSS BUNDLE PATCH 11.1.1.9.190716 (or later), there is an evaluation to make on the Wallets and SSL certificates in use.

After applying this patch, the use of the MD5 algorithm will be prevented and any Oracle Wallets containing certificates using MD5 will fail to work. This will result in Oracle Fusion Middleware products failing to start and/or SSL handshake failures occurring either from a browser or between internal components.  Products such as OPMN, Oracle HTTP Server, Web Cache, Oracle Internet Directory, and Business Intelligence use the Oracle Security Service (OSS) for SSL and may be affected by the changes introduced by the OSS patch.

All default (demo) certificates in 11.1.1.9 were created with MD5. Your new self-signed or real CA-signed certificates may be using a preferred SHA-2 algorithm. It is recommended to make this evaluation before applying this patch to avoid issues

Reference Oracle Documentation to administer your certificates within Oracle Wallets:

Oracle Fusion Middleware Administrator's Guide (11.1.1.9)
Section I.2.4.1, "Creating and Viewing Oracle Wallets with orapki"
https://docs.oracle.com/middleware/11119/core/ASADM/walletmgr.htm#ASADM10625

This document outlines the following steps to help you evaluate SSL certificates within your FMW 11.1.1.9 environment:

A.1 How to Check whether Certificate Signed with MD5 Algorithm is Present in the Wallet?
A.2 Removing Certificate Signed with MD5 Algorithm from the Wallet
A.3 Adding Certificate Signed with SHA-2 Algorithm to the Wallet

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.