You can use the orapki utility to display whether your wallet contains a certificate signed with MD5 algorithm.

1. Locate orapki and the keytool path:
   (orapki) ORACLE_HOME/oracle_common/bin/orapki
   (Keytool) ORACLE_HOME/oracle_common/jdk/jre/bin
2. Set the JAVA_HOME environment variable as follows:
   export JAVA_HOME=ORACLE_HOME/oracle_common/jdk/jre/
3. Enter the following command to display the contents of the wallet:
   orapki wallet display -wallet wallet_location
   Sample command:
   ORACLE_HOME/oracle_common/bin/orapki wallet display -wallet /scratch/ohs14.1.2.0.0_install/walletohs2/
   Output:

   Oracle PKI Tool : Version 14.1.2.0.0
   Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
   
   Requested Certificates:
   User Certificates:
   Subject: CN=www.xyx.com,C=IN
   Trusted Certificates:
   Subject: CN=www.xyx.com,C=IN

4. Identify the domain name (DN) of the certificate present in the wallet. In this example, Subject of User Certificates is the DN of the certificate present in the wallet; which is CN=www.xyx.com,C=IN.
5. Export the certificate present in the wallet as shown in the following example:
   orapki wallet export -wallet wallet_Location -dn 'DN_string' -cert certificate_file
   Sample command:
   ORACLE_HOME/oracle_common/bin/orapki wallet export -wallet /scratch/ohs14.1.2.0.0_install/walletohs2/ -dn  'CN=www.xyx.com,C=IN' -cert wallet.cert
6. Use the keytool to check the signature algorithm used to sign the certificate_file that you exported in the previous step by entering the following command:
   ORACLE_HOME/oracle_common/jdk/jre/bin/keytool -printcert -file certificate_file
   Sample command:
   /scratch/ohs14.1.2.0.0_install/oracle_common/jdk/jre/bin/keytool -printcert -file wallet.cert
   Output:

   Owner: CN="Self-Signed Certificate for ohs3 ", OU=OAS, O=ORACLE, L=REDWOODSHORES, ST=CA, C=US
   Issuer: CN="Self-Signed Certificate for ohs3 ", OU=OAS, O=ORACLE, L=REDWOODSHORES, ST=CA, C=US
   Serial number: cd7081c47adb9ff867da01e3fe383e0f
   Valid from: Fri Jul 01 04:21:40 PDT 2024 until: Sat Jun 19 04:21:40 PDT 2066
   Certificate fingerprints:
    MD5: 89:4D:C4:B4:28:7E:D4:0A:93:CA:E4:97:0C:F0:CE:86
    SHA1: 53:FB:D6:58:0D:09:85:E9:6D:55:E2:92:E7:87:08:B8:65:92:15:9E
    Signature algorithm name: MD5withRSA
    Version: 1

   Signature algorithm name: MD5withRSA implies that MD5 algorithm is being used to sign the certificate present in the wallet.

If MDS is present in your wallet, the signature algorithm name is displayed as MDSwithRSA. You must replace this certificate with certificate signed using SHA2 algorithm.

1. Enter the following command to remove a user certificate signed using MD5 algorithm:
   orapki wallet  remove -wallet wallet_location -dn 'DN_string' -user_cert -auto_login_only
   Sample command:
   /scratch/ohs14.1.2.0.0_install/oracle_common/bin/orapki wallet remove -wallet /scratch/ohs14.1.2.0.0_install/walletohs2/ -dn 'CN=www.xyx.com,C=IN' -user_cert -auto_login_only
   Output:

   Oracle PKI Tool : Version 14c (14.1.2.0.0)
   Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.

2. If the user certificate is a self-signed certificate, you need to remove it from the trusted certificate and the requested certificate list by entering the following commands:
   orapki  wallet  remove  -wallet  wallet_location -dn  'DN_string' -trusted_cert  -auto_login_only
   orapki  wallet  remove  -wallet  wallet_location -dn  'DN_string' -cert_req  -auto_login_only
   Sample command:
   /scratch/ohs14.1.2.0.0_install/oracle_common/bin/orapki wallet remove -wallet /scratch/ohs14.1.2.0.0_install/walletohs2/ -dn 'CN=www.xyx.com,C=IN' -trusted_cert -auto_login_only
   Output:

   Oracle PKI Tool : Version 14.1.2.0.0
   Copyright (c) 2024, 2016, Oracle and/or its affiliates. All rights reserved.

3. If a wallet has trusted certificate or a certificate request which is signed using MD5 algorithm, remove that certificate by entering the following commands:
   orapki wallet remove -wallet wallet_location -dn 'DN_string' -trusted_cert -auto_login_only remove cert request
   orapki wallet remove -wallet wallet_location -dn 'DN_string' -cert_req -auto_login_only

If you are using CA-signed user certificate that is signed with MD5 algorithm, contact your certificate authority to a get a new user certificate signed with SHA-2 algorithm and import it in to the wallet.

1. If certificate is self-signed, enter the following command to add self-signed certificate signed using SHA-2 algorithm:
   orapki wallet add -wallet wallet_Location  -dn 'DN_String' -keysize 2048 -sign_alg sha256  -self_signed -validity 9125 -auto_login_only
   Sample command:
   /scratch/ohs14.1.2.0.0_install/oracle_common/bin/orapki wallet add -wallet /scratch/ohs14.1.2.0.0_install/walletohs2/ -dn 'CN=www.xyx.com,C=IN' -keysize 2048 -sign_alg sha256  -self_signed -validity 9125 -auto_login_only
2. Add trusted certificate signed using SHA-2 algorithm to wallet by entering the following command:
   orapki -wallet add -wallet wallet_location -trusted_cert -cert certificate_file -auto_login_only
3. Add user certificate signed using SHA-2 algorithm to wallet by entering the following command:
   orapki -wallet add -wallet wallet_location -user_cert -cert certificate_file -auto_login_only

Owner: CN=www.xyx.com, C=IN
Issuer: CN=www.xyx.com, C=IN
Serial number: f689ec6986c70f973138962eb2f0e5f9
Valid from: Wed May 11 04:01:24 PDT 2024 until: Sat Oct 27 04:01:24 PDT 2025
Certificate fingerprints:
   MD5:  D7:0F:CB:00:A7:04:33:DA:2F:8A:AD:C9:2A:9E:DF:26
   SHA1: D4:6C:51:DB:53:B5:F5:C7:60:8D:8B:95:68:E6:B0:5E:E8:00:ED:DF
   SHA256: B1:EF:73:98:EA:6A:1A:60:FF:1F:10:89:8C:B8:16:63:71:03:1B:6E:38:D1:2D:AE:E9:BD:3E:13:BE:AF:A0:76
   Signature algorithm name: SHA256withRSA
   Version: 1

By default, support of certificate signed with MD5 algorithm has been removed because the security of MD5 algorithm is severely compromised. If you still want to use certificate signed using MD5 algorithm, you can enable the support for a certificate signed with MD5 algorithm by following the procedure in this section. However, enabling support for certificates signed using MD5 algorithm is not recommended.

1. For Standalone Oracle HTTP Server deployment:
   1. Stop the Oracle HTTP Server instance and the Node Manager.
   2. Change to the following staging directory:
      (UNIX) ORACLE_HOME/user_projects/domains/base_domain/config/fmwconfig/components/OHS/ohs1/
      (Windows) ORACLE_HOME\user_projects\domains\base_domain\config\fmwconfig\components\OHS\ohs1\
   3. Open the ohs.plugins.nodemanager.properties file in edit mode and add the following line:
      environment.ORACLE_SSL_ALLOW_MD5_CERT_SIGNATURES = 1
   4. Restart the Node Manager and the Oracle HTTP Server instance.
2. For Managed Oracle HTTP Server deployment:
   1. Stop the Oracle HTTP Server instance, Node Manager, and the WebLogic Server.
   2. Change to the following staging directory:
      (UNIX) ORACLE_HOME/user_projects/domains/base_domain/config/fmwconfig/components/OHS/ohs1/
      (Windows) ORACLE_HOME\user_projects\domains\base_domain\config\fmwconfig\components\OHS\ohs1\
   3. Open the ohs.plugins.nodemanager.properties file in edit mode and add the following line:
      environment.ORACLE_SSL_ALLOW_MD5_CERT_SIGNATURES = 1
   4. Restart the WebLogic Server, Node Manager, and the Oracle HTTP Server instance.