Chris_G_Davis_1
Dec 12, 2008Nimbostratus
Oracle 10g SSL Offload - JInitiator:X509CertChainInvalidErr error
Hi,
We are in the process of implementing ssl offload on our LTM-3400’s for Oracle 10g. The servers we are load balancing to on the backend are listening on port 80. We have a valid Verisign cert in place. The first time you connect to the ssl vip the server downloads “JInitiator” to the local computer which is a java program. Once the installation is complete it attempts to load the app from the server. But it fails with an “X509CertChainInvalidErr” java error. I figured out a work around for individual computers, but this isn’t a valid solution for the general public. The work around is to add the cert assigned to the ssl vip to what a I think is a cert chain file call “C:\Program Files\Oracle\JInitiator 1.3.1.26\lib\security\certdb.txt on the local computer. Once added I restart the browser and all is well.
Like I said earlier this isn’t a practical work around as this site will be used by the public.
Has anyone seem this or know how to fix it?
I attached a copy of the certdb.txt (example-certdb.txt) file without my cert for an example.
Any help would be greatly appreciated.
Thanks,
Christopher G Davis
Sr. Network Engineer
SITA Atlanta Data Center