Skip to Main Content
Forums

Oracle Forms

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

FORMS 12.2.1.3: "ORACLE AMERICA INC." certificate expire

JeremxDec 30 2020 — edited Dec 30 2020

Since today our users have encountered concerns with the certificate "ORACLE AMERICA INC." 

java version : JRE 1.8.0_271-b09

image.png
Looking closer, the TSA "Symantec Time Stamping Services Signer - G4" expired today for form JARs ...

jarsigner -verify -verbose -certs frmall.jar
sm  42142 Mon Oct 20 21:26:22 CEST 2014 oracle/forms/icons/splash.gif

   [entry was signed on 09/08/2017 18:37]
   >>> Signer
   X.509, CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US
   [certificate is valid from 31/01/2017 01:00 to 02/02/2018 00:59]
   X.509, CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
   [certificate is valid from 10/12/2013 01:00 to 10/12/2023 00:59]
   X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
   [trusted certificate]
   >>> TSA
   X.509, CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US
   [certificate expired on 30/12/2020 00:59]
   X.509, CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US
   [certificate will expire on 31/12/2020 00:59]


 s = signature was verified
 m = entry is listed in manifest
 k = at least one certificate was found in keystore

- Signed by "CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US"
  Digest algorithm: SHA-256
  Signature algorithm: SHA256withRSA, 2048-bit key
 Timestamped by "CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US" on mer. août 09 16:37:10 UTC 2017
  Timestamp digest algorithm: SHA-1 (weak)
  Timestamp signature algorithm: SHA1withRSA (weak), 2048-bit key

jar verified.

Warning:
The timestamp has expired.
The SHA1withRSA signature algorithm is considered a security risk. This algorithm will be disabled in a future update.
The SHA-1 timestamp digest algorithm is considered a security risk. This algorithm will be disabled in a future update.

Do you have a solution? patch? I haven't seen anything about 12.2.1.3 ..
thanks
This post has been answered by Matej D. on Dec 31 2020
Jump to Answer
Comments
Post Details
Added on Dec 30 2020
#forms, #moved-from-devops
4 comments
3,399 views