How to Add Self-Signed Certificates to the List of Trusted Certificates in the Java Runtime

Self-signing has been a way to sign jar files for Oracle Forms without using a trusted vendor. Oracle has provided the sign_webutil.bat (or sign_webutil.sh) script for self-signing a jar file. Because self-signed certificates do not contain a trusted publisher name, you may notice a Java security warning with the publisher “UNKNOWN” any time a Forms application starts up. This is because the self-signed certificate was not issued by a trusted vendor (VeriSign, Comodo, GoDaddy, etc.) and is not in the “Signer CA” list in the Java Control Panel on the user’s PC. This has been noticed more in recent months: starting with Java 7 Update 40, users are unable to select “always remember this option” when choosing to run an application with an UNKNOWN publisher, and with JRE 7u51 or higher they may even get an Application Blocked error.

The best solution would be to sign your jar files with a code-signing certificate from a trusted vendor. However, you also have the option to add the self-signed certificate to the list of Signer CA certificates in the Java Control Panel. This puts the self-signed certificate on the trusted list and lets you run the application without the warning appearing (a Java notification will still appear, but with a publisher name that would be considered more trustworthy than “UNKNOWN”).

What you’ll learn in this article:

How to update the sign_webutil script on your platform
How to export a CSR certificate from the keystore for the script to use
