Root CA certificate will expire soon in Fusion Apps for WLS (Doc ID 1561294.1)

Last updated on JUNE 30, 2017

Applies to:

Oracle Fusion Applications Common Components - Version 11.1.4.0.0 and later
Oracle Fusion Application Toolkit - Version 11.1.4.0.0 and later
Information in this document applies to any platform.

Goal

Oracle Fusion Applications Release note(Doc ID 1355561.1), states how to fix this original BAD_CERTIFICATE error points you to fixing the certificate in fusion_trust.jks in the $WL_HOME/server/lib directory.

When I do see ( As an e.g.):
keytool -list -v -keystore $WL_HOME/server/lib/fusion_trust.jks
Stated that offending certificate (now fixed) and  see all the other certificates in this file along with their expire date, can see one coming up in August:
Alias name: xxxxxxxxxxx
Creation date: Oct 12, 2012
Entry type: trustedCertEntry

Owner: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corp
oration, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Cor
poration, C=US
Serial number: 1b6
Valid from: Fri Aug 14 07:50:00 PDT 1998 until: Wed Aug 14 16:59:00 PDT 2013
Certificate fingerprints:
 MD5: 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
 SHA1: 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00
 Signature algorithm name: SHA1withRSA
 Version: 3

You can see the valid from dates above that shows this certificate will expire on Wed Aug 14 16:59:00 PDT 2013.

You do not want to  get  BAD_CERTIFICATE error before fixing it, and instructions to recreate/renew this certificate listed below. 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms