Oracle Security Service (OSS) Patch Removes MD5 - Steps to Evaluate and Update SSL Wallet for FMW 184.108.40.206
(Doc ID 2572809.1)
Last updated on APRIL 05, 2021
Applies to:Oracle Security Service - Version 220.127.116.11.0 to 18.104.22.168.0
Oracle Fusion Middleware - Version 22.214.171.124.0 to 126.96.36.199.0 [Release Oracle11g]
Business Intelligence Suite Enterprise Edition - Version 188.8.131.52.0 to 184.108.40.206.0 [Release 11g]
Oracle HTTP Server - Version 220.127.116.11.0 to 18.104.22.168.0 [Release Oracle11g]
Web Cache - Version 22.214.171.124.0 to 126.96.36.199.0 [Release Oracle11g]
Information in this document applies to any platform.
When following Critical Patch Update recommendations to apply <Patch 27047184> OSS BUNDLE PATCH 188.8.131.52.190716 (or later), there is an evaluation to make on the Wallets and SSL certificates in use.
After applying this patch, the use of the MD5 algorithm will be prevented and any Oracle Wallets containing certificates using MD5 will fail to work. This will result in Oracle Fusion Middleware products failing to start and/or SSL handshake failures occurring either from a browser or between internal components. Products such as OPMN, Oracle HTTP Server, Web Cache, Oracle Internet Directory, and Business Intelligence use the Oracle Security Service (OSS) for SSL and may be affected by the changes introduced by the OSS patch.
All default (demo) certificates in 184.108.40.206 were created with MD5. Your new self-signed or real CA-signed certificates may be using a preferred SHA-2 algorithm. It is recommended to make this evaluation before applying this patch to avoid issues
Reference Oracle Documentation to administer your certificates within Oracle Wallets:
Oracle Fusion Middleware Administrator's Guide (220.127.116.11)
Section I.2.4.1, "Creating and Viewing Oracle Wallets with orapki"
This document outlines the following steps to help you evaluate SSL certificates within your FMW 18.104.22.168 environment:
A.1 How to Check whether Certificate Signed with MD5 Algorithm is Present in the Wallet?
A.2 Removing Certificate Signed with MD5 Algorithm from the Wallet
A.3 Adding Certificate Signed with SHA-2 Algorithm to the Wallet
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|A.1 How to Check whether Certificate Signed with MD5 Algorithm is Present in the Wallet?|
|A.2 Removing Certificate Signed with MD5 Algorithm from the Wallet|
|A.3 Adding Certificate Signed with SHA-2 Algorithm to the Wallet|