Forum Discussion
NimbostratusF5 Certifcate issue
Hi,
I am doing the load balancing (SSL offload) my EBS Oracle suite throgh F5. But I am getting the below mention cerficate error. I have installed the root CA from digicert along with the other certificate. All the tabs of application is working fine only one particular tab is through the error.
Please note that we are installing the certificate only on F5 not on the server.
An error has occured while contacting the Knowledge Integration Servlet. Error Message : Oracle error 2001: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error has been detected in callServer
I have even created the new CSR and get the duplicate certifcate from DigiCert but no luck.
8 Replies
Brad_ParkerCirrus
Is there an intermediate certificate in play?
Wasim_Hassan_13I got two certificate from the digicert. ONe root and one SAN certificate which includes all my domain names.
I am getting this error on the User side, EBS has multiple modules only one particular module tab is through this error. We have even reinstall the certiifate on the F5 but still the same result.
- Brad_Parker
Look at your SAN cert and see what certificate is the issuer, I would venture that its not the root. You need to include the intermediate in your chain in the ssl profile. Here is the list of DigiCert's intermediates downloads. https://www.digicert.com/digicert-root-certificates.htmintermediates
- Brad_ParkerOn other thing to check is that the client trusts the DigiCert root.
Brad_Parker_139Nacreous
Look at your SAN cert and see what certificate is the issuer, I would venture that its not the root. You need to include the intermediate in your chain in the ssl profile. Here is the list of DigiCert's intermediates downloads. https://www.digicert.com/digicert-root-certificates.htmintermediates
- Brad_Parker_139On other thing to check is that the client trusts the DigiCert root.
- Wasim_Hassan_13
Hi,
I have intermediate certificate installed in F5.
DigiCert High Assurance EV CA-1
- Mr_H_29744
Add the intermediate to the chain in your SSL Profile. Use an SSL checking tool to verify the path/trust chain/validity. https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
Have to say of late if you edit your post it seems to dissapear, quite frustrating.
