My Oracle Support Banner

How to Review the Certificates Used to Sign Secure Global Desktop Java Client Archives (Doc ID 1663901.1)

Last updated on NOVEMBER 17, 2023

Applies to:

Oracle Secure Global Desktop - Version 4.63 to 5.3 [Release 4.0 to 5.0]
Information in this document applies to any platform.


Clients connecting to a Secure Global Desktop (SGD) server will be prompted to download and install SGD Client Archives to enable full featured emulation of remote applications. These client archives are signed after building by a Global Corporate signing service maintained by Oracle to ensure connecting customers of both the content and origin of the software.

Note: Additional information regarding the signing of SGD Client Archives can be found in the following KM article,
<Document 2328375.1> - Understanding Secure Global Desktop Java Client Archive Signing

A security-focused Secure Global Desktop (SGD) customer with tightly administered client machines would like to tightly constrain the list of pre-approved root Certificate Authorities (CAs) in their browser and Java trust store:  only specifically approved CAs will remain enabled.  To facilitate this, the Administrator would like to verify the minimum list of approved root CAs to be provisioned to locked down clients that will allow Secure Global Desktop to work as expected.

This is an extremely site-specific requirement, and should not be necessary for most SGD customers.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Location of SGD Client Archives
 Review of Signing Certificates
 Using JarSigner
 Using OpenSSL

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.