My Oracle Support Banner

E-IB: F.A.Q. on PeopleSoft Certificate Keystores in Relation to "Untrusted Server Certificate Chain" Troubleshooting (Doc ID 2129957.1)

Last updated on JUNE 07, 2024

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.50 and later
Information in this document applies to any platform.

Purpose

There are a few general questions about PeopleSoft certificate keystores that are asked often, typically in relation to "Untrusted Server Certificate Chain" errors troubleshooting.
The below Q &A entries are meant to cover those typical questions in a single place, and to reduce the need for Support to answer those in service requests again and again.

Note: If you don't have your general question on this topic answered, please feel free to leave a comment to help us improve this document.

Questions and Answers

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Purpose
Questions and Answers
 Q1. What is the difference between importing certificates into the repository seen via PIA page "Digital Certificates" and importing them into "pskey" keystore via pskeymanager?
 Q2. If one gets an "Untrusted Server Certificate Chain" error, which of the two keystores, Digital Certificates or pskey, is to be checked and updated to prevent it?
 Q3. Added to the right keystore the target certificate with CN like "host.xxxx.com" or "*.yyy.company.xxx", but the "Untrusted ..." error persists, why?
 Q4. Added to the right keystore the Root CA and intermediate CA certificate, cleared cache and restarted the server, and keeo getting "Untrusted ...", why?
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.