Code Signing Certificate - Windows Server 2019

Question

Hi Experts,

We are using Oracle EBS 12.2.10 (Server Side) and Java Version 7 Update 151 (Windows Computer / Client-Side) and getting a certificate warning error and after research found that we need to singed JAR files and required " JAVA CODE SIGNING CERTIFICATE" as some external vendors are offering like comodo, Verisign and other offers service.

I just learn about Windows Certificate Server by which we can create our own ROOT CA and Sub Ordinate CA.

As our Oracle EBS server is only accessible within an organization therefore we can take advantage of Windows Server-based Certificate Authority but I am not sure whether our in-house certificate server can work to full this requirement.

I am also attaching an Oracle document for the complete requirements.132580-document-15910731.pdf

Answer 1

It should work without problems using your in-house CA, given that you distribute your in-house public root certificate to all clients who need to operate with EBS

Answer 2

anonymous user

Many Thanks.

Can you please share any step-by-step installation/configuration help links to achieve the target?
As the requirement is only for a single purpose so can I install it on a single server (Root + issuer)

Answer 3

@Osama Mansoor

It depends, if you use Active Directory to manage your clients you can install the CA Role on your Windows Server as a Root CA and the root certificate will be automatically distributed to all the domain clients.
If you think you will never have the need of a Root CA but you only need this specific use-case, then you can install the CA Role as a Standalone CA, export the root certificate and import it in the needed client. Then you will create the code-signing certificate through the server webpanel, after creating a code-signing certificate template

Here are a few links:
CA Role Installation and root certificate export (the guide will be for Root CA role, but you can set Standalone CA in the appropriate step if you want): https://support.n4l.co.nz/s/article/How-to-install-Certificate-Authority-CA-server-and-create-certificates
Create code signing template: https://community.flexera.com/t5/Software-Vulnerability-Manager/Creating-Windows-CA-Code-Signing-Certificate-for-WSUS/ta-p/149698
use of the web panel to request certificate (otherwise, if you install a Root CA, you can request a certificate through the MMC Snap-in as in the Section 4.0 of the guide above):https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831649(v=ws.11)

hope this helps

Answer 4

It depends, if you use Active Directory to manage your clients you can install the CA Role on your Windows Server as a Root CA and the root certificate will be automatically distributed to all the domain clients.
If you think you will never have the need of a Root CA but you only need this specific use-case, then you can install the CA Role as a Standalone CA, export the root certificate and import it in the needed client. Then you will create the code-signing certificate through the server webpanel, after creating a code-signing certificate template

Please suggest i am still confused.

Yes we have Active Directory and we can push certificates through Group policy but I don't want too many extra servers for this purpose and also the ease of Administrative management.

i want a single server that will generate a code certificate for my JAR files (after my dba will provide CSR) and export the certificate and push through the group policy

Answer 5

Hello ,

Thank for reaching out.

Yes , you can take advantage of Microsoft Certificate service role in Windows Server.
Below is the article which describe is step by step to Install and configure Certificate server.

https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx

Hope this helps,