Restore adkeystore.dat

Hi,
Good day.
I want to deploy some custom OAF pages on Oracle 12.2.4 during the deployment we had some issue and Oracle SR owner request to run the command below
adjkey –initializ
after I go thru the note “Enhanced Jar Signing for Oracle E Business Suite (Doc ID 1591073.1)”
I realized that the above command will re create the adkeystore.dat which contain my java signature.
My question:
How can I restore my original adkeystore file? Can I just restore it from a backup? mean I just copy the folder “<JRI_DATA_LOC> <fs_ne>/EBSapps/appl/ad/admin”
or is there any further steps?

Hi,

Read this note : How To Un-sign Jar Files (Doc ID 1635107.1)
it will help you . It is like un-signing jar files;

Read ->

When running adjkey -initialize, it will backup the adkeystore.dat and the adsign.txt file.

To get back to the self-signed certificate that Oracle Delivers with EBS Forms.
 If you still have the original adkeystore.dat and adsign.txt:
- Backup the existing adkeystore.dat and adsign.txt
- Restore the original adkeystore.dat and adsign.txt from backup
- Run the admin to force generate jar files to restore to the original Oracle Signed jar files.


If you do not have the original adkeystore.dat, and you want to un-sign the jar files with a unknown signature:
- Backup the existing adkeystore.dat and adsign.txt
- Run adjkey -initialize to recreate the keystore.dat and adsign.txt
- Use adadmin to force sign the jar files

Thanks for the prompt response.

I ran the command twice :)

adjkey -initialize

no back up in the same server, but I got the backup from the tape!! How can I restore it now?

So, you don't have adkeystore.dat then..
Take the adkeystore.dat from the patch filesystem and copy it to the run filesystem.

Here I show an example prompt; you can see the adkeystore.dat files from both fs1 and fs2

[applmgr@demoorcl admin]$ pwd
/u01/oracle/CLONE/fs1/EBSapps/appl/admin
[applmgr@demoorcl admin]$ ls -al adkeystore.dat
-rwxr-xr-x 1 applmgr oinstall 3507 Jun  8 17:20 adkeystore.dat
[applmgr@demoorcl admin]$ cd /u01/oracle/CLONE/fs2/EBSapps/appl/admin
[applmgr@demoorcl admin]$ ls -al adkeystore.dat
-rwxr-xr-x 1 applmgr oinstall 3507 Jan 13  2014 adkeystore.dat

Alternatively,

follow the same document, In this scenario, the restore means unsigning.

Here it says ->

If you do not have the original adkeystore.dat, and you want to un-sign the jar files with a unknown signature:

- Backup the existing adkeystore.dat and adsign.txt
- Run adjkey -initialize to recreate the keystore.dat and adsign.txt
- Use adadmin to force sign the jar files

I will get back to you.

I found the adkeystore in the run and patch folders.....how can I restore it from those two folders?

Do I just copy it to fs_ne folder "/u01/oracle/PROD/fs_ne/EBSapps/appl/ad/admin"?

I said press enter but you can also supply the following information .. It will be better:

CN=hostname, OU=apps, O=hostname, L=LOCALITY, ST=STATE, C=US

hostname should be your hostname  , that is the server name.
In my case, it is demoorcl.

but we have purchase a certificate long time ago and and our jar files are signed using the previous adkeystore!!!! I want to have the same signature across the standard jar files and custom jar files.

we have many custom OAF pages and they are working fine but we added a new page and during the deployment we run the command adjkey - initilize by mistake and now we want to restore our original adkeystore file.

If you dont have backup, then you will have to reimport your old certificate to the newly created adkeystore file.

Also, if you have a clone environment , you can take the certificate from there.

Also, you can open an OAF page and may export the code signing certificate from your Internet browser .. At least you can try...
Check this: https://www.digicert.com/code-signing/exporting-code-signing-certificate.htm , give it a try.

I asked our system administrator to restore the folder fs_ne? after that what can I do?

You will restore your adkeystore.dat file from backup and then you are good to go.
You can follow the following note for your new deployment: Developing and Deploying Customizations in Oracle E-Business Suite Release 12.2 (Doc ID 1577661.1)

Also read this: How to deploy customizations that are created in the package oracle.apps.xxprod.* rather than xxprod.oracle.apps.* or xxprod.oracle.apps.xxprod.* on EBS 12.2.X? (Doc ID 1609939.1)

Detailed steps are given there.

Yes I did, now the system administrator has restored the adkeystore.dat file to my local machine.......what I should do with it? can I just copy it to the server?

Yes

I Copied the file to the original folder and run adcgnjar command, and the custom page got singed and it's working fine now.

Good to hear :)