My Oracle Support Banner

OAM - X509 Authentication Fails With: Path Does Not Chain With Any Of The Trust Anchors (Doc ID 2970382.1)

Last updated on AUGUST 25, 2023

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


On : version, Authentication Process

x509 authentication fails with: Path does not chain with any of the trust anchors

In logs appears:

<date/time> <Error> <oracle.oam.engine.authn> <OAMSSA-12117> <Cannot validate the user certificate. Path does not chain with any of the trust anchors


For Authentication was configured OAM X509 Auth module to authenticate end users with certificates.

Furthermore,  the CA certificate was added to the amtruststore and saved the configuration in the DB by using WLST: saveAccessArtifacts

In front of the OAM there is OHS, which terminates TLS and propagates the client certificate in WL-Proxy-Client-Cert HTTP header.
OHS is configured to require client certificates issued by the CA that is imported to the amtruststore.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.