Manualshelf

Corporation Network Router User Manual

ManualsBrandsOracle ManualsNetwork RouterOracle Database B10772-01
191192193194195196197198199200
Troubleshooting SSL
7-34 Oracle Database Advanced Security Administrator's Guide
A certificate authority for one of the certificates in the chain is not
recognized as a trust point.
The signature in one of the certificates cannot be verified.
Action: See "Opening an Existing Wallet" on page 8-13 to use Oracle Wallet
Manager to open your wallet and check the following:
Ensure that all of the certificates installed in your wallet are current (not
expired).
Ensure that a certificate authority's certificate from your peer's certificate
chain is added as a trusted certificate in your wallet. See "Importing a
Trusted Certificate" on page 8-25 to use Oracle Wallet Manager to import a
trusted certificate.
ORA-28885: No Certificate with Required Key Usage Was Found
Cause: Your certificate was not created with the appropriate X.509 Version 3
key usage extension.
Action: Use Oracle Wallet Manager to check the certificate's key usage. See
Table 8–1, "KeyUsage Values" on page 8-5.
ORA-29024: Certificate Validation Failure
Cause: The certificate sent by the other side could not be validated. This may
occur if the certificate has expired, has been revoked, or is invalid for another
reason.
Action: Check the following:
Check the certificate to determine whether it is valid. If necessary, get a new
certificate, inform the sender that her certificate has failed, or resend.
Check to ensure that the server's wallet has the appropriate trust points to
validate the client's certificate. If it does not, then use Oracle Wallet
Manager to import the appropriate trust point into the wallet. See
"Importing a Trusted Certificate" on page 8-25 for details.
Ensure that the certificate has not been revoked and that certificate
revocation list (CRL) checking is turned on. See "Configuring Certificate
Validation with Certificate Revocation Lists" on page 7-37
ORA-29223: Cannot Create Certificate Chain
Cause: A certificate chain cannot be created with the existing trust points for
the certificate being installed. Typically, this error is returned when the peer