SSL connection fail: basic constraints check failed: this is not a CA certificate

Question

Hi guys, 
I have a problem with https connection via F5:
(MY SERVER/ APP) ---https request----&gt; F5 (irule which copy auth info to header) ------http request---&gt; another app
Ive created keystore (jks file) on MY SERVER/ APP (using java keytool):
keytool -genkey -keyalg RSA -alias myAliasSelfSigned -keystore keystore-client.jks -storepass password -validity 7200 -keysize 2048
I`ve created VIP which use SSL Profile (client) with settings: Parent clientssl, certificate: default, Key: default, Chain : default, Trusted Certificate Authorities: default
Client Authentication:
Client Certificate: request, Frequency: once, Cert Chain Traversal Depth: 9, Advertised Certificate Authorities: None.
After request from MY SERVER/ APP to F5 I get an exception:
java.security.cert.CertPathValidatorException: basic constraints check failed: this is not a CA certificate
What is wrong with my configuration?

samir_jha_52506 · Answer

As per error, it seems you need to install cert n root cert at Oracle/soa application filestore. Please do the debug at server side n get the exact location and install certificate and bounce service.. Hope issue will solve.

michalf_360460 · Answer

I dont understand how can I install cert/root cert at Oracle app filestore. I`ve already created keystore on my app using keytool. I think the problem is not trusting F5 to my configuration. Am I right? 
I generated only keystore (keytool -genkey -alias tomcat -keyalg RSA -keystore /keystore-location
-storepass password)
I didnt create Certificate Request and send it to CA

samir_jha_52506 · Answer

You need to push cert to Oracle/SOA keystore-client.jks violet &amp; issue will solve. Its not the issue of F5 configuration. Issue exist with Backend server..

michalf_360460 · Answer

You need to push cert to Oracle/SOA
Which cert do you mean? cert from F5? &nbsp;

samir_jha_52506 · Answer

What ever cert you are applying on F5 same to be applied on application level.&nbsp;

Forum Discussion

SSL connection fail: basic constraints check failed: this is not a CA certificate

6 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate