My Oracle Support Banner

Error - key usage does not include certificate signing - Occurs When Using Self-Signed Certificate in OAG (Doc ID 2348420.1)

Last updated on JANUARY 18, 2018

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Goal

When trying to use a particular Servers self signed certificate in Oracle API gateway to connect via HTTPS, the following error is being seen during the SSL handshake:

DATA  [SSL verify_cb, 20, 0 ] key usage does not include certificate signing, { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL verify_cb, 14, 0 ] unable to get local issuer certificate, { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
DEBUG  cert verifier for require presented cert to match destination server's hostname: 0
DEBUG  cert verifier for require CA cert from chain to be in context: 0
ERROR [SSL alert write 230, 1131]: unknown CA [fatal] { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate { subject: /O=\x00M\x00E\x00R\x00C\x001\x00P\x00_\x00F\x00I\x00N\x00A\x00N\x00C\x00E/CN=MyHost }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate.

Why is this error happening, and how can it be overcome?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.