Oracle Application R12(12.0.x) | JRE | UNKNOWN Publisher

Hi guys

This time I am going to post a solution towards one of the nagging annoyances with Oracle application R12 (12.0.6 in our specific case) & JRE securities those were implemented by JRE 7 (1.7.x)

Our instance was upgraded to use JRE 6 almost 5 years back during 12.0.4 to 12.0.6 upgrade and ever since there were dozens of JRE updates & the current JRE 1.8.0_161 (AS on 19th January 2018) & with each update, whatever the runtime parameters we add specifically for Oracle Application used to get removed, forcing us to renter it for each user.

I’ve been searching for a proper solution, not only towards the runtime parameter fix, for the security prompts those started annoying our end users whenever they tried to launch the forms, once after we forcefully updated many users who were sticking to 1.6 JRE

So after referring many documents, using some of the past experiences dealing with security certificates, I believe, have figured out how to get rid of those annoyances, minimum for a while.

Solution 1

Runtime parameters being removed after each JRE update

jre

Add a new environment JAVA_TOOL_OPTIONS with a value -Djava.vendor=”Sun Microsystems Inc.”

You may add it under your specific user or system wide, which I usually prefer so that I don’t have to worry about the next user who will be using the same system (for some reasons)

ENV

Solution 2

Addressing JAVA security prompts

Trying to open the forms with latest JRE without adding exceptions will produce the following JAVA security error

1.png

Now we need to add the application URL with complete port details to the security tab of JRE

2

Now, we will be presented with the “toughest” situation to resolve, which will be explained later.

3

Clicking the More Information, JAVA presents more details about the digital certificate issues, stating the publisher of the digital certificate as UNKNOWN, hence this warning appears for the end user each time whenever the user tries to open a Forms based module.

4

You may require Domain Administrator/Administrator privileges to continue the below fixes

1st we have to retrieve the certificate from Oracle application server. Login as application manager user to LINUX environment (We’re setting up the entire stuffs for R12 application that is running on 64Bit Linux)

download $APPL_TOP/admin/appltop.cer file to local computer (If your implementation team has cloned the instances across, the appltop.cer will remain the same across different servers, so the single certificate integration with the user computer should deal with all different instances of the Oracle application (Test, Development & Production)

Once the certificate is downloaded or copied to the local computer, you need to install it. We’ll install the certificate twice, in two different locations.

Follow the images below for more details

5

We will install the certificate for the “Local Machine”, so that all users using the same computer will get benefitted

6

For the 1st instance, We MUST install this certificate to “Trusted Root Certification Authorities” Container.

For 78

 

9

Once the certificate is imported, We should install the certificate once again, Select “Local System” and follow the prompts. We don’t have to specify the container this time.

10

Now, trying to open a forms based module will present you another warning

11

Checking “Do not show this again for apps from the publisher and location above” will suppress this dialog until the certificate remains the same for the application server.

Hope this helps few out there!

regards,

rajesh

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.