Replacing the Existing ActiveMatrix BPM SSO Certificates
In Java 8, the MD5withRSA algorithm has been disabled. This change invalidates the existing ActiveMatrix BPM SSO certificates in the default keystores (amx-bpm-wss-keystore.jks and amx-bpm-wss-truststore.jks) If you use these certificates for SSO authentication, you must manually replace the existing keystores with new, compliant versions that are supplied with ActiveMatrix BPM 4.3.
The new keystores are not installed automatically as part of an upgrade, because doing so would overwrite any other certificates that you may have written to those keystores.
You only need to perform this step if you use the existing ActiveMatrix BPM SSO certificates in the default keystores, and if you are upgrading from ActiveMatrix BPM version 4.1 or earlier. If you use your own certificates and different keystores, you do not need to do anything.