java.security.cert.CertificateException: Can't Verify Cert Error With New CA Certificate With Longer Validity
Last updated on JANUARY 13, 2017
Applies to: Oracle API Gateway - Version 188.8.131.52.1 and later
Information in this document applies to any platform.
Some systems use certificates signed by a CA that is a subordinate CA of Group Root CA II, org Group (http://rootca.com/en/rootca2_subcas.htm).
OEG has been configured with the root CA org Group Root CA II plus org-cai (the old certificate, expiring in 2016), which means that certificates can be created with 2 years' validity during this time.
A new CA certificate from org Group Root CA II to org-cai (new) was obtained, and everything works fine.
Because client SSL certificates have to be provided to some business partners for mutual authentication, the OEG configuration must be extended with this new CA certificate, org-cai.
Therefore, the new CA certificate org-cai has been added to cacerts and to the OEG configuration.
This causes SSL authentication to stop working.
The following is output seen in the trace: