Error - key usage does not include certificate signing - Occurs When Using Self-Signed Certificate in OAG
(Doc ID 2348420.1)
Last updated on FEBRUARY 06, 2024
Applies to:
Oracle API Gateway - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Goal
When trying to use a particular Servers self signed certificate in Oracle API gateway to connect via HTTPS, the following error is being seen during the SSL handshake:
DATA [SSL verify_cb, 20, 0 ] key usage does not include certificate signing, { subject: /O=<HEXADECIMAL CODE>/CN=<HOSTNAME> }.
ERROR [SSL verify_cb, 14, 0 ] unable to get local issuer certificate, { subject: /O=<HEXADECIMAL CODE>/CN=<HOSTNAME> }.
DEBUG cert verifier for require presented cert to match destination server's hostname: 0
DEBUG cert verifier for require CA cert from chain to be in context: 0
ERROR [SSL alert write 230, 1131]: unknown CA [fatal] { subject: /O=<HEXADECIMAL CODE>/CN=<HOSTNAME> }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate { subject: /O=<HEXADECIMAL CODE>/CN=<HOSTNAME> }.
ERROR [SSL_connect, 5]: error - unable to get local issuer certificate.
Why is this error happening, and how can it be overcome?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |