My Oracle Support Banner

Oracle Security Service (OSS) Patch Removes MD5 - Steps to Evaluate and Update SSL Wallet for FMW 11.1.1.9 (Doc ID 2572809.1)

Last updated on APRIL 05, 2021

Applies to:

Oracle Security Service - Version 11.1.1.9.0 to 11.1.1.9.0
Oracle Fusion Middleware - Version 11.1.1.9.0 to 11.1.1.9.0 [Release Oracle11g]
Business Intelligence Suite Enterprise Edition - Version 11.1.1.9.0 to 11.1.1.9.0 [Release 11g]
Oracle HTTP Server - Version 11.1.1.9.0 to 11.1.1.9.0 [Release Oracle11g]
Web Cache - Version 11.1.1.9.0 to 11.1.1.9.0 [Release Oracle11g]
Information in this document applies to any platform.

Goal

When following Critical Patch Update recommendations to apply <Patch 27047184> OSS BUNDLE PATCH 11.1.1.9.190716 (or later), there is an evaluation to make on the Wallets and SSL certificates in use.

After applying this patch, the use of the MD5 algorithm will be prevented and any Oracle Wallets containing certificates using MD5 will fail to work. This will result in Oracle Fusion Middleware products failing to start and/or SSL handshake failures occurring either from a browser or between internal components.  Products such as OPMN, Oracle HTTP Server, Web Cache, Oracle Internet Directory, and Business Intelligence use the Oracle Security Service (OSS) for SSL and may be affected by the changes introduced by the OSS patch.

All default (demo) certificates in 11.1.1.9 were created with MD5. Your new self-signed or real CA-signed certificates may be using a preferred SHA-2 algorithm. It is recommended to make this evaluation before applying this patch to avoid issues

Reference Oracle Documentation to administer your certificates within Oracle Wallets:

Oracle Fusion Middleware Administrator's Guide (11.1.1.9)
Section I.2.4.1, "Creating and Viewing Oracle Wallets with orapki"
https://docs.oracle.com/middleware/11119/core/ASADM/walletmgr.htm#ASADM10625

This document outlines the following steps to help you evaluate SSL certificates within your FMW 11.1.1.9 environment:

A.1 How to Check whether Certificate Signed with MD5 Algorithm is Present in the Wallet?
A.2 Removing Certificate Signed with MD5 Algorithm from the Wallet
A.3 Adding Certificate Signed with SHA-2 Algorithm to the Wallet

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 A.1 How to Check whether Certificate Signed with MD5 Algorithm is Present in the Wallet?
 A.2 Removing Certificate Signed with MD5 Algorithm from the Wallet
 A.3 Adding Certificate Signed with SHA-2 Algorithm to the Wallet
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.