Punchout to Supplier That is Using SHA-2 Certificate Gets IE Cannot Display the Web Page, and Pointing Directly to the Punchout Site Gets Invalid Security Certificate Error sec_error_unknown_issuer (Doc ID 1969779.1)

Last updated on DECEMBER 24, 2024

Applies to:

Symptoms

In 12.1.2 iProcurement
Punchout to supplier gets browser error indicating cannot display the web page, and pointing directly to the punchout site gets invalid security certificate error sec_error_unknown_issuer. This occurs after the supplier changed from SHA-1 to SHA-2 certificate

Error:
IE browser
Internet Explorer Cannot Display the Web Page

Firefox browser pointed directly to the punchout url
server.domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)

Replication Steps:
1. Navigate to iProcurement

2. Click on punchout catalog to go to supplier punchout site
- get error that Internet Explorer Cannot Display the Web Page

3. Point the browser directly to the punchout site
From Firefox
punchout.domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
From IE
Get to the page and it shows a User ID / Password prompt
From Chrome
Get to the page and it shows a User ID / Password prompt

4. Capture debug log to find the complete url used by the application for the punchout
https://punchout.domain/ABC_Test/Eway/Default.aspx?sess={652c6057-727c-417e-9a50-5e1451f9a7ab}&bid={e93ab5c3-af3f-43ba-97da-13176b31aa4f}&orid={e93ab5c3-af3f-43ba-97da-13176b31aa4f}

5. Point the browser directly to the complete url
From Firefox
punchout.domain uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
From IE (8.0.7601.17514)
Get to the page and it recognizes the punchout as the customer user (Hello Lastname, Firstname!)
From IE 8.0.6
Internet Explorer Cannot Display the Web Page
From Chrome (40.0.2214.11 m)
Get to the page and it recognizes the punchout as the customer user (Hello Lastname, Firstname!)

IMPACT
Users need to be able to do punchout to the supplier site after the supplier changed from using SHA-1 ssl certificate to using SHA-2 ssl certificate.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.