
Create certificates with SHA-256 as the hash algorithm in Oracle 11g using orapki/wallet manager


I am creating an SSL-enabled connection between an Oracle 11g database (11.2.0.1) and a Java client using the thin-client JDBC driver (type 4). We are creating the client/server/root certificates using the orapki utility and putting the certificates in an Oracle wallet.

It seems the default hash algorithm for encryption when we create certificates using the orapki utility (in the Oracle 11g DB) is MD5. This was working fine until we upgraded to jdk1.7 u101. This version of the JDK no longer supports MD5. So it seems we need to use SHA-256 as the hash algorithm. I keep getting references that Oracle Wallet Manager 11.2.0.1+ supports SHA-256, but I cannot find any documentation on how to specify SHA-256 as the hash algorithm while creating the certificates.

Is there a way I can generate certificates through orapki/wallet manager with SHA-256 as the hash algorithm?


Solution

  • You can use orapki with -sign_alg sha256 to sign your certificates with sha256 instead of md5.

    For example, creating a self-signed certificate used as the trusted authority:

    orapki wallet create -wallet ./root -pwd welcome123 -nologo
    orapki wallet remove -trusted_cert_all -wallet ./root -pwd welcome123  -nologo
    orapki wallet add -wallet ./root -dn CN=Certification\ Authority\ For\ Testing,\ O=MyCompany,\ C=US -keysize 2048 -self_signed -validity 7300 -pwd welcome123 -sign_alg sha256  -nologo
    orapki wallet export -wallet ./root -dn CN=Certification\ Authority\ For\ Testing,\ O=MyCompany,\ C=US -cert ./root/rootcertificate.crt -pwd welcome123  -nologo
    keytool -printcert -file root/rootcertificate.crt
    orapki wallet display -wallet ./root -pwd welcome123  -nologo
    

    And the output is:

    Owner: CN=Certification Authority For Testing, O=MyCompany, C=US
    Issuer: CN=Certification Authority For Testing, O= MyCompany, C=US
    Serial number: 0
    Valid from: Wed Mar 09 03:35:42 PST 2016 until: Tue Mar 04 03:35:42 PST 2036
    Certificate fingerprints:
         MD5:  D1:EB:E4:27:FB:B1:C9:4A:CB:9D:28:A6:5A:C7:E7:20
         SHA1: 39:DD:C2:4A:EA:97:BD:47:52:8C:E6:B9:2C:97:F9:F4:A8:A4:5E:85
         SHA256: 04:28:19:01:AC:83:C3:69:D0:C9:1C:6A:94:08:B7:31:0C:65:21:7F:8E:FB:19:50:22:02:C4:9C:69:B1:1E:F6
         Signature algorithm name: SHA256withRSA
         Version: 1
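
To confirm that every certificate in the chain was re-issued with the new hash, the `Signature algorithm name` line of the `keytool -printcert` output can be checked mechanically. The script below is an added example, not part of the original answer; the function names `audit_sig_alg` and `sample_keytool_output` are hypothetical, the second sample certificate is constructed, and treating MD2, MD5 and SHA-1 signatures as weak is this example's policy.

```shell
#!/bin/sh
# Added example: audit `keytool -printcert` text for weak signature hashes.
# Policy (assumption of this example): MD2, MD5 and SHA-1 signatures are WEAK.

# Reads keytool output on stdin and prints "<verdict> TAB <algorithm> TAB <owner>"
# for each certificate. Returns 1 if any certificate is WEAK or has no
# "Signature algorithm name" line (UNKNOWN), 0 otherwise.
audit_sig_alg() {
    awk '
        function emit() {
            if (owner == "") return
            if (alg == "") verdict = "UNKNOWN"
            else if (toupper(alg) ~ /^(MD2|MD5|SHA1)WITH/) verdict = "WEAK"
            else verdict = "OK"
            if (verdict != "OK") bad = 1
            printf "%s\t%s\t%s\n", verdict, (alg == "" ? "-" : alg), owner
            owner = ""; alg = ""
        }
        # A new "Owner:" line starts the next certificate.
        /^[ \t]*Owner:/ { emit(); sub(/^[ \t]*Owner:[ \t]*/, ""); owner = $0 }
        /Signature algorithm name:/ {
            sub(/^.*Signature algorithm name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            alg = $0
        }
        END { emit(); exit bad + 0 }
    '
}

# Sample input: the first certificate is the output shown above, the second
# is constructed for this example to show an MD5-signed certificate.
sample_keytool_output() {
    cat <<'EOF'
Owner: CN=Certification Authority For Testing, O=MyCompany, C=US
Issuer: CN=Certification Authority For Testing, O= MyCompany, C=US
     Signature algorithm name: SHA256withRSA
     Version: 1
Owner: CN=Legacy Server, O=MyCompany, C=US
Issuer: CN=Certification Authority For Testing, O=MyCompany, C=US
     Signature algorithm name: MD5withRSA
     Version: 1
EOF
}

# Real use: keytool -printcert -file root/rootcertificate.crt | audit_sig_alg
sample_keytool_output | audit_sig_alg || echo "weak or unknown signature algorithm found"
```

A non-zero exit status makes the function usable as a gate in a wallet-build script before the certificates are distributed to the JDBC clients.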