java.security.cert.CertificateException: Can't Verify Cert Error With New CA Certificate With Longer Validity
(Doc ID 1945265.1)
Last updated on MARCH 26, 2019
Applies to:Oracle API Gateway - Version 220.127.116.11.1 and later
Information in this document applies to any platform.
Some systems use certificates which are signed by a CA which is a subordinate CA of a Root CA (http://<HOST>.<DOMAIN>/<ROOTCA>.htm).
OEG has been configured with ROOT CA (expiring in a year), which means that the certificates can be created with <number of> years validity.
A new CA certificate from the Root CA (new) was obtained; all works fine.
Because some client SSL certificates have to be provided for some business partners for mutual authentication, the configuration of OEG must be extended by this new certificate CA.
Therefore, the new CA certificate has been added to cacerts and to OEG configuration.
This causes the SSL authentication to stop working.
The following is output seen in the trace:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document