Urgent Action Required for Essbase on OCI Marketplace

To avoid loss of service, before April 15, 2026, you must use an Autonomous AI Database wallet downloaded after Jan 28, 2026 with your Essbase on OCI deployment. Apply a patch as described, and then use the rotate-schema-credentials.sh script to update your Essbase on OCI deployment with the new wallet.

Why is this action required?

After April 15, 2026, DigiCert will no longer trust G1 root certificates. If your Essbase instance uses mTLS with a wallet created before January 28, 2026, you will lose database connectivity. To ensure uninterrupted service, the rotate-schema-credentials.sh script needs a change in the underlying library.

How will this affect my service?

If your Essbase Marketplace deployment uses Autonomous AI Database as the repository, and you generated your wallet before January 28, 2026, your service will stop working after April 15, 2026. Older wallets use G1 root certificates, which DigiCert will distrust.

Required Action – Summary

On a machine with access to the public Internet and to the Essbase compute instance / VM, download the wallet patch file, and copy it to /tmp on the Essbase node. Change ownership of the file to the oracle user, stop the Essbase Server, and apply the patch.

Required Action – Steps

  1. SSH to the Essbase compute instance as the opc user and navigate to the /tmp directory.

  2. Download wallet.patch from the following location:

    https://raw.githubusercontent.com/oracle-quickstart/oci-essbase/refs/heads/main/scripts/walletpatch/wallet.patch

    Example:

    wget https://raw.githubusercontent.com/oracle-quickstart/oci-essbase/refs/heads/main/scripts/walletpatch/wallet.patch

  3. Change the file owner to oracle for wallet.patch.

    Example:

    sudo chown oracle:oracle /tmp/wallet.patch

  4. Install the patch utility.

    Example:

    sudo yum install -y patch

  5. Switch to oracle user.

    Example:

    sudo su oracle

  6. Stop Essbase.

    Example:

    /u01/config/domains/essbase_domain/esstools/bin/stop.sh

  7. Navigate to /u01/vmtools.

    Example:

    cd /u01/vmtools/

  8. Apply the patch.

    Example:

    patch -p0 < /tmp/wallet.patch

  9. Run a script to update your database wallet.

    Example:

    /u01/vmtools/sysman/rotate-schema-credentials.sh

    (You’ll be prompted for your database administrator password, and the wallet will update.)

  10. Restart Essbase.

    Example:

    /u01/config/domains/essbase_domain/esstools/bin/start.sh

  11. Log in to the Essbase web interface, and confirm your applications start up as expected.

Note:

For any other wallet-based Autonomous AI Database connection, download and use the new wallet.

Where can I find additional information?

For more details on the changes in Autonomous AI Database, refer to the blog post: https://blogs.oracle.com/autonomous-ai-database/autonomous-database-announcement-digicert

Refer to this link for the DigiCert announcement: https://knowledge.digicert.com/general-information/digicert-root-and-intermediate-ca-certificate-updates-2023

For Essbase on OCI Marketplace deployment release notes, see: Stack Deployment on OCI