EBS forms issue due to weak signature algorithm

Posted byIndraneil SealPosted inUncategorized

After TLS 1.2 configuration, EBS R12.1.3 forms were not working for client JRE 1.7

After enabling forms debugging (add “-Djavax.net.debug=all” in “Runtime Parameters” on client java), I noticed below error in the java console log

security: resource name “oracle/apps/fnd/common/VersionInfo.class” in https://hostname:port/OA_JAVA/oracle/apps/fnd/jar/fndctx.jar : java.lang.SecurityException: class “oracle.apps.fnd.common.VersionInfo” does not match trust level of other classes in the same package
basic: exception: java.lang.ExceptionInInitializerError.
java.lang.RuntimeException: java.lang.ExceptionInInitializerError
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.instantiateApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

I decided to regenerate jar using force option. The jar regeneraton completed successfully, however the issue did not resolved. I decided to verify the Digital Signature of one of the signed Jar File that failed to download using the below command –

jarsigner -verify -verbose -certs $JAVA_TOP/oracle/apps/fnd/jar/fndctx.jar

And in the output I noticed the message-

Signed by “CN=_, OU=apps, O=, C=US”
Digest algorithm: SHA-256
Signature algorithm: SHA256withDSA, 1024-bit key (weak)

I decided to regenerate the key using 2048-bit key size and redo the jar signing steps followed by forceful jar regeneration.

After this step, the Signature algorithm changed to SHA256withRSA, 2048-bit key and forms issue was fixed.

Published by Indraneil Seal

I originally hail from Kolkata, India, and I've dedicated a significant portion of my professional journey to both India and the United States before relocating to Canada during the pandemic. I’m a member of MongoDB's esteemed Technical Services team. Before joining this exceptional group, I held the role of Senior Apps DBA at the Government of Ontario. Prior to that, I spent many years honing my technical(DBA/Cloud) and soft skills with TCS, KBACE Technologies(which later got acquired by Cognizant Technology Solutions) and Oracle Corporation. Throughout my career, I was deeply immersed in day-to-day operations and spearheaded significant projects, including the modernization of platforms, Oracle application and database upgrades. In my last stint at the Government of Ontario, I was also responsible for overseeing various automation initiatives including out-of-place patching, automated EBS Application patching. Outside of my professional life, I have a strong passion for reading, blogging, spending quality time with my family, and my feline buddies, Smokey & Louis. I also relish solitary walks and jogging as personal interests. As a proponent of open source technologies, I'm looking forward to sharing my knowledge and expertise as well as contribute as much as possible to the success of the IT fraternity thereby perpetually expanding my skillset.

2 thoughts on “EBS forms issue due to weak signature algorithm

    1. Please check this Step 3.2. Generate a new keypair (private key and public key) of the document “Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)”.
      Here you are specifying the keysize – $ adjkey -initialize [ -keysize ] [ -alias ]

      Like

      Reply

Leave a reply to Indraneil Seal Cancel reply