Forum Discussion
NimbostratusSSL connection fail: basic constraints check failed: this is not a CA certificate
Hi guys, I have a problem with https connection via F5:
(MY SERVER/ APP) ---https request----> F5 (irule which copy auth info to header) ------http request---> another app
Ive created keystore (jks file) on MY SERVER/ APP (using java keytool):
keytool -genkey -keyalg RSA -alias myAliasSelfSigned -keystore keystore-client.jks -storepass password -validity 7200 -keysize 2048I`ve created VIP which use SSL Profile (client) with settings: Parent clientssl, certificate: default, Key: default, Chain : default, Trusted Certificate Authorities: default
Client Authentication: Client Certificate: request, Frequency: once, Cert Chain Traversal Depth: 9, Advertised Certificate Authorities: None.
After request from MY SERVER/ APP to F5 I get an exception: java.security.cert.CertPathValidatorException: basic constraints check failed: this is not a CA certificate
What is wrong with my configuration?
Samir_Jha_52506Noctilucent
As per error, it seems you need to install cert n root cert at Oracle/soa application filestore. Please do the debug at server side n get the exact location and install certificate and bounce service.. Hope issue will solve.
michalf_360460I dont understand how can I install cert/root cert at Oracle app filestore. I`ve already created keystore on my app using keytool. I think the problem is not trusting F5 to my configuration. Am I right?
I generated only keystore (
) I didnt create Certificate Request and send it to CAkeytool -genkey -alias tomcat -keyalg RSA -keystore /keystore-location -storepass password- Samir_Jha_52506
You need to push cert to Oracle/SOA
violet & issue will solve. Its not the issue of F5 configuration. Issue exist with Backend server..keystore-client.jks - michalf_360460You need to push cert to Oracle/SOA
Which cert do you mean? cert from F5?