Error in the JCS daily log when trying to connect to a secure endpoint: Netscape cert type does not permit use for SSL server
search cancel

Error in the JCS daily log when trying to connect to a secure endpoint: Netscape cert type does not permit use for SSL server

book

Article ID: 43617

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue: 

When attempting to establish a connection to an endpoint that uses SSL communication the following errors occur the in JCS Daily log: 

javax.naming.CommunicationException: simple bind failed: [HOST]:[PORT] [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server] 

[ApacheDS Worker-thread-111] (com.ca.jcs.common:org.apache.log4j.Category:843) ERROR  - Failed to verify server certificate chain sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server

 

Cause: 

These errors occur when there is a problem with the certificate being used in the SSL connection. The certificate that was imported into your JCS keystore does not contain the full certificate chain, there is likely an intermediate cert missing. 

 

Resolution: 

Reissue the full certificate chain, ensuring that all required certificates are present and import the new certificate into the JCS keystore. 

 

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component:
Powered by Wolken Software