My Oracle Support Banner

"OHS 11g (mod_proxy) -- https -- OHS 11g" Setup Fails with NZ-29024 When SSLVerifyClient Set to Require (Doc ID 1218383.1)

Last updated on MARCH 13, 2020

Applies to:

Oracle HTTP Server - Version to [Release Oracle11g]
Information in this document applies to any platform.


In a OHS 11g (a) <- mod_proxy / https -> OHS 11g (b) setup where we have "SSLVerifyClient require" in (b) <instance home>/config/OHS/<ohs instance>/ssl.conf to require a SSL client certificate, the handshake fails with the following errors in (b) error_log file:

2010-02-10T15:14:17.1431+01:00] [OHS] [ERROR:32] [] [http_core.c] [host_id: <HOST>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: ias] [VirtualHost: <HOST>:<PORT>] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]

[2010-02-10T15:14:17.1431+01:00] [OHS] [ERROR:32] [] [http_core.c] [host_id: <HOST>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: ias] [VirtualHost: <HOST>:<PORT>] nzos handshake error, nzos_Handshake returned 29024(server <HOST>:<PORT>, client <CLIENT_IP>)


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.