My Oracle Support Banner

Punchout With SHA-2 Certificate Results In SSL Handshake Failed: X509CertChainInvalidErr Error (Doc ID 1926905.1)

Last updated on FEBRUARY 05, 2019

Applies to:

Oracle iProcurement - Version 12.1.3 and later
Information in this document applies to any platform.


 Suppliers are providing an updated version of SHA2 (SHA-2) SSL certificate, and it is observed that it is not possible to re-establish connectivity through the supplier's punchout after install of the new certificate.

Users encounter errors like the following:

Error Code: 201 Unable To Reach Supplier Site 


SSL handshake failed: X509CertChainInvalidErr


All certificates from suppliers using SHA1 certificates work as expected; is use of version SHA2 certificates supported by iProcurement?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.