Sunday, May 17, 2026

Generic Oracle EBS JAR Signing Certificate Renewal Runbook

Objective

This document provides generic steps to renew or replace JAR signing certificates in Oracle E-Business Suite environments.

Applicable for:

Oracle EBS 12.1 / 12.2
Internal and Extranet environments
Certificate renewal activities
Java/JAR signing maintenance

1. Backup Existing Files

Navigate to Admin Directory


cd $NE_BASE/EBSapps/appl/ad/admin

Backup Existing Certificate Files


cp adkeystore.dat adkeystore.dat_bkp_$(date +%Y%m%d)

cp adsign.txt adsign.txt_bkp_$(date +%Y%m%d)

cp appltop.cer appltop.cer_bkp_$(date +%Y%m%d)

cp jarsecurefile jarsecurefile_bkp_$(date +%Y%m%d)

2. Backup Java Security cacerts


cd $OA_JRE_TOP/lib/security

cp cacerts cacerts_bkp_$(date +%Y%m%d)

3. Backup Existing Signed JAR


cd $OA_JAVA

cp GetClientInfo.jar GetClientInfo.jar_sign_bkp_$(date +%Y%m%d)

4. Copy New Certificate Files

Navigate to Admin Directory


cd $NE_BASE/EBSapps/appl/ad/admin

Copy New Signing Files


cp /path_to_new_certificates/adkeystore* .

cp /path_to_new_certificates/adsign.txt .

Copy Updated cacerts


cd $OA_JRE_TOP/lib/security

cp /path_to_new_certificates/cacerts .

5. Replace Signed JAR File


cd $OA_JAVA

cp /path_to_new_certificates/GetClientInfo.jar.sig .

6. Extranet Environment Steps (If Applicable)

Backup Existing Extranet Files


cd $NE_BASE/EBSapps/appl/ad/admin

cp adkeystore.dat adkeystore.dat_extranet_bkp

cp adsign.txt adsign.txt_extranet_bkp

cp appltop.cer appltop.cer_extranet_bkp

Backup Extranet cacerts


cd $OA_JRE_TOP/lib/security

cp cacerts cacerts_extranet_bkp

7. Copy New Files to Extranet Environment


cd $NE_BASE/EBSapps/appl/ad/admin

cp /path_to_new_certificates/adkeystore* .

cp /path_to_new_certificates/adsign.txt .

Copy cacerts


cd $OA_JRE_TOP/lib/security

cp /path_to_new_certificates/cacerts .

8. Stop Oracle EBS Application Services


sh $ADMIN_SCRIPTS_HOME/adstpall.sh apps/<apps_password> -mode=allnodes

9. Regenerate JAR Files

Run ADADMIN


adadmin

Select:


Maintain Applications Files Menu
   →
Generate Product JAR files

Important Prompt


Do you wish to force regeneration of all jar files?

Answer:

Yes

10. Compile JSP Files


perl $FND_TOP/patch/115/bin/ojspCompile.pl --compile --flush -p 2

11. Validate New Certificate

Navigate to JAR Directory


cd $FND_TOP/java/jar

Verify JAR Signature


jarsigner -verify -verbose -certs fndforms.jar | grep -i sign

Validate:

New certificate expiry date
Signer information
No verification errors

12. Start Oracle EBS Services


sh $ADMIN_SCRIPTS_HOME/adstrtal.sh apps/<apps_password> -mode=allnodes

13. Post Validation Checks

Verify Services


sh $ADMIN_SCRIPTS_HOME/adstrtal.sh status

Validate Forms Launch

Check:

Oracle Forms open successfully
No certificate warning
No Java security popup
OAF pages working properly

14. Browser & Java Cache Cleanup

Recommended on Client Machines

Clear Java Cache
Clear Browser Cache
Restart Browser
Relaunch EBS

15. Rollback Plan

Restore Old Files


cp *_bkp_* original_filename

Restore cacerts


cp cacerts_bkp_* cacerts

Restart Services


sh $ADMIN_SCRIPTS_HOME/adstrtal.sh apps/<apps_password> -mode=allnodes

Best Practices

Area	Recommendation
Backup	Always backup before replacement
Testing	Validate in TEST/UAT first
Downtime	Perform during maintenance window
Validation	Verify Forms and OAF pages
Rollback	Keep rollback ready
Cache	Clear Java/browser cache
Security	Verify certificate expiry before deployment

Common Troubleshooting

Issue	Possible Cause	Action
Forms not launching	Invalid signing	Verify jarsigner output
Certificate warning	Old cache	Clear Java cache
OACORE issues	Incomplete restart	Restart services
JSP errors	JSP cache stale	Run ojspCompile
JAR mismatch	Partial generation	Force regenerate JARs

Final Validation Checklist

Validation	Status
Backup completed	☐
Certificates copied	☐
cacerts updated	☐
Services stopped	☐
JARs regenerated	☐
JSP compile completed	☐
jarsigner validation successful	☐
Services started	☐
Forms tested	☐
No certificate warnings	☐

Sunday, May 17, 2026

Generic Oracle EBS JAR Signing Certificate Renewal Runbook

Generic Oracle EBS JAR Signing Certificate Renewal Runbook

Objective

1. Backup Existing Files

Navigate to Admin Directory

Backup Existing Certificate Files

2. Backup Java Security cacerts

3. Backup Existing Signed JAR

4. Copy New Certificate Files

Navigate to Admin Directory

Copy New Signing Files

Copy Updated cacerts

5. Replace Signed JAR File

6. Extranet Environment Steps (If Applicable)

Backup Existing Extranet Files

Backup Extranet cacerts

7. Copy New Files to Extranet Environment

Copy cacerts

8. Stop Oracle EBS Application Services

9. Regenerate JAR Files

Run ADADMIN

Select:

Important Prompt

10. Compile JSP Files

11. Validate New Certificate

Navigate to JAR Directory

Verify JAR Signature

Validate:

12. Start Oracle EBS Services

13. Post Validation Checks

Verify Services

Validate Forms Launch

14. Browser & Java Cache Cleanup

Recommended on Client Machines

15. Rollback Plan

Restore Old Files

Restore cacerts

Restart Services

Best Practices

Common Troubleshooting

Final Validation Checklist

No comments:

Post a Comment