Not all SSL Certificate Keys allow for the signing of our Jar files and will cause the following error to be displayed even after following the instructions within the PAM documentation on using a 3rd party SSL Certificate:
sun.security.validator.validatorexception: extended key usage does not permit use for code signing
There are two solutions to this.
- Contact the Certificate Authority and get a new certificate which can be used for code signing.
- Do the following: -
- Stop Orchestrator.
- Make the switch back to PAM s self-signed certificate.
- Sign the jars.
- Switch the certificate to the Authority provided certificate. DO NOT sign jars again!
- Start Orchestrator.
If option 2 is utilized: every time a patch or connector is installed the same process will have to be done to re-sign the new Jar files.