Error - key usage does not include certificate signing - Occurs When Using Self-Signed Certificate in OAG

(Doc ID 2348420.1)

Last updated on JANUARY 18, 2018

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Goal

When trying to use a particular Servers self signed certificate in Oracle API gateway to connect via HTTPS, the following error is being seen during the SSL handshake:

DATA  [SSL verify_cb, 20, 0 ] key usage does not include certificate signing, { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL verify_cb, 14, 0 ] unable to get local issuer certificate, { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
DEBUG  cert verifier for require presented cert to match destination server's hostname: 0
DEBUG  cert verifier for require CA cert from chain to be in context: 0
ERROR [SSL alert write 230, 1131]: unknown CA [fatal] { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate.

Why is this error happening, and how can it be overcome?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms