Wednesday, July 29, 2015

Using GoDaddy Certificate to Sign Your Oracle EBS Jar Files

GoDaddy provides the cheapest jar-signing certificate, and they actively offer bargains and discounts off the shelf price (I get their discount spam mail every day). However, if you ask their support how to do the jar signing, they are absolutely clueless. Okay, that's why their price is low.

Here are the steps of signing the jar files:

(1) Download KeyStore Explorer (KSE), install it, and make sure it runs well.  You will use this excellent software throughout the steps.

(2) Before creating your private key, check the $APPL_TOP/admin/adsign.txt file.  It should look like:

[sid]_[hostname] 1 CUST

Use KSE to open the $APPL_TOP/admin/adkeystore.dat.  The keystore password is "puneet".  This is the default keystore password used by Oracle.  Every time you open/modify this keystore file, you need this password to continue.


(3) Generate the private key pair

Oracle tells you the command is "adjkey -initialize -keysize 2048 -alias mycompany", but you can run this instead:
keytool -keystore adkeystore.dat -genkey -alias mycompany -keyalg RSA -keysize 2048

- Replace mycompany with your company name.  Use lower-case characters for the alias name.
- Use "myxuan" for the certificate password (keytool calls it the key password).  Oracle uses this default password for certificates.

Enter keystore password: puneet
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:  Happy Valley
What is the name of your organization?
  [Unknown]:  Happy Valley
What is the name of your City or Locality?
  [Unknown]:  Toronto
What is the name of your State or Province?
  [Unknown]:  Ontario
What is the two-letter country code for this unit?
  [Unknown]:  CA
Is CN=Unknown, OU=Happy Valley, O=Happy Valley, L=Toronto, ST=Ontario, C=CA correct?
  [no]:  Yes

Enter key password for myxuan
        (RETURN if same as keystore password):
Re-enter new password: myxuan

Use KSE to open the adkeystore.dat file and you will see the new entry you just created.


(3) Generate CSR

keytool -sigalg SHA256withRSA -certreq -keystore adkeystore.dat -file mycompany.csr -alias mycompany

Enter keystore password: puneet
Enter key password for myxuan

A new file mycompany.csr is created.  You can use KSE to open up this CSR file to see the details.

(4) Pay GoDaddy (through the web site, or call / email their sales rep if you have a corporate account or need a quotation / paperwork / invoice / bargain / discount etc).  Finally they will give you a ZIP file.  It contains one file with an SPC extension.

(5)  Add signed certificate to keystore

keytool -keystore adkeystore.dat -import -trustcacerts -alias mycompany -file godaddy.spc

Enter keystore password: puneet
Enter key password for myxuan
Certificate reply was installed in keystore

Use KSE to open adkeystore.dat again. This time you will see the signed certificate and its chain.



(6) Optional: In KSE, delete the default private key with alias [SID]_[hostname].   Change the alias name of the GoDaddy-signed certificate if needed. 

(7) Put this alias name (mycompany or whatever you have) in adsign.txt:

mycompany 1 CUST

(8) Run adadmin to force regeneration of all jar files.

(9) Bounce Apache and Form Servers.  BINGO.  
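
A pre-flight check for steps (5) to (7), to run before adadmin in step (8). This is an added example, not part of the original post: it confirms that the alias in adsign.txt names a private key entry whose chain is longer than the single self-signed certificate keytool creates in step (3). The function names adsign_alias and check_entry are hypothetical, and the keytool output in SAMPLE is constructed.

```shell
#!/bin/sh
# Pre-flight check before regenerating jars: the alias in adsign.txt must
# name a CA-signed private key entry in adkeystore.dat.

# Print the alias from adsign.txt (first field of the first non-blank line).
adsign_alias() {
    awk 'NF { print $1; exit }' "$1"
}

# Read `keytool -list -v` output on stdin and report on alias $1.
# Exit status: 0 = private key with a CA chain, 1 = alias not found,
# 2 = not a private key entry, 3 = chain length 1 (still self-signed).
check_entry() {
    awk -v want="$1" '
        /^Alias name: /               { cur = substr($0, 13) }
        cur != want                   { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $4 }
        END {
            if (type == "")                { print "alias not found: " want; exit 1 }
            if (type != "PrivateKeyEntry") { print "wrong entry type: " type; exit 2 }
            if (len + 0 < 2)               { print "self-signed, reply not imported"; exit 3 }
            print "ok: " want " chain length " len
        }'
}

# Constructed sample of `keytool -list -v` output, trimmed to the parsed
# lines: one entry still self-signed, one with the CA reply installed.
SAMPLE='Alias name: sid_hostname
Creation date: Jul 29, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: mycompany
Creation date: Jul 29, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 3'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | check_entry mycompany

# Against the real files (keytool prompts for the keystore password):
#   keytool -list -v -keystore adkeystore.dat |
#       check_entry "$(adsign_alias "$APPL_TOP/admin/adsign.txt")"
```

A non-zero exit status means adsign.txt and the keystore disagree, or the certificate reply from step (5) is not in place yet.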

