Skip to Main Content
Forums

Application Development Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Root certificate is not trusted

870501Dec 27 2011 — edited Dec 27 2011
Hi!

I have installed the internatlly signed certificates according to steps in the Oracle documentation, however, I still ge the error that "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store".

Below is the error I receive when starting UCM server:
<27-Dec-2011 13:39:18 o'clock CET> <Notice> <Security> <BEA-090898> <Ignoring th
e trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=
(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=V
eriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certi
ficate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object
: 1.2.840.113549.1.1.11.>


I get this error when I click on the certificate in the browser. Below are the steps I performed. Can anyone help me understand, perhaps, I import my certificates incorrectly?

1. I've created a custom keystore using the following command:
keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname “CN=<domain name like test.com etc>, OU=<unite like Customer Support etc>, O=<your organization>, L=<your location>, ST=<state>, C=<country code like US>” -keystore identity.jks

2. Next, I generated a certificate sign-in request using this command:
keytool -certreq -alias mykey -file cert.csr -keystore identity.jks

3. After I received three certificates signed in by our internatl authority, main, intermediate, root. I imported each one of them.

4. I inserted those one by one into my custom store generated during step1 first. I used the following command for each certificate:
keytool -import -trustcacerts -keystore mystore.jks -storepass password -alias Root -import -file Trustedcaroot.txt

5.I also inserted all three into JAVA_HOME cacerts file, located on C:/Program Files/Java/jrockit.../jre/lib/security/cacerts using the same command as in step 4.

Next, I configured UCM_server 1 KEYSTORE to use Custom Identity and Java Trust. and pointed Custom Identity to my custom keystore file created in step1 and Java Trust to cacerts file updated in step5.

Despite of all steps above I cannot get the certificates to work. When I look at the certificate, it tells me that "This CA Root certificate is not turested. To enable trust, install this certificate in the Trusted Root Certification Authorities store".

Edited by: 867498 on 27-Dec-2011 05:45
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jan 24 2012
Added on Dec 27 2011
#webcenter, #webcenter-content
1 comment
1,177 views