Self-signing jar files to use for Oracle Forms have been a way to sign jar files without using a trusted vendor. Oracle has provided the sign_webutil.bat (or sign_webutil.sh) script to use for self-signing a jar file. As the self-signed certificates do not contain a trusted publisher name, any time a Forms application starts up, you may notice a Java security warning with a publisher “UNKNOWN”. This is because the self-signed certificate is not generated from a trusted vendor (VeriSign, Comodo, GoDaddy, etc.) and is not in the “Signer CA” list in the Java Control Panel on a user’s PC. This has been noticed more in recent months as users are unable to “always remember this option” when choosing to run an application with an UNKNOWN publisher starting with Java 7 Update 40 (or even getting an Application Blocked error when using JRE 7u51 or higher).

The best solution would be to sign your jar files with trusted code-signing certificates from a trusted vendor. However, you also have the option to add the self-signed certificate to your Java Control Panel to the list of Signer CA certificates which will add the self-signed certificate to the trusted list allowing you to run the application without the warning appearing (however, a Java notification will still appear with a publisher name that would be considered more trustworthy than “UNKNOWN”).

To configure this, you will need to update the sign_webutil script (used for self-signing jar files) in the platform running the Forms and Reports environment. After this, you will need to export a CSR certificate from the keystore which the script uses.

Follow the steps provided on the Pitss Knowledgebase:

http://pitss.com/us/2014/05/15/how-to-add-self-signed-certificates-to-the-list-of-trusted-certificates-in-the-java-runtime/