Directory Proxy Server (DPS) Fails To Connect To Directory Server (DS) With 'certificate_unknown' Error (Doc ID 1326577.1)

Last updated on JUNE 30, 2017

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.
***Checked for relevance on 10-Apr-2014***

Symptoms

Directory Proxy Server (DPS) cannot connect to the backend Directory Server (DS) instances. The DS access log shows the following error:

[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - fd=23 slot=23 LDAPS connection from x.x.x.x:40647 to x.x.x.x
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client E=xxx.yyy@zzz.de,CN=ldap-proxy,OU=XXX,O=ZZZ,L=YYY,ST=AAA,C=DE; issuer E=xxx.yyy@zzz.de,CN=XXX YYY,OU=XXX,O=ZZZ,ST=AAA,C=XX
[25/Sep/2009:11:37:12 +0200] conn=348 op=0 msgId=-1 - closing from x.x.x.x:40647 - B4 - Server failed to flush BER data back to client -
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - closed.

The DPS errors log displays:

[25/Sep/2009:11:37:12 +0200] - CONN - WARN - [Thread main] Unable to create a connection to LDAP server ldap1.zzz.xx:636/Exception: Unable to perform SSL initialization on socket to ldap.zzz.de:636 -- javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
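
To find every occurrence of this symptom in a DS access log, the following added example (not part of the Oracle document) joins each "SSL error" line to the connection-open line with the same conn= number and reports the source address, error code, client certificate subject and issuer. The sample lines, function names and the 192.0.2.x addresses are constructed for illustration; the line layout is assumed to match the excerpt above.

```python
import re
from collections import defaultdict

# Constructed sample in the DS access-log layout quoted above (values are placeholders).
SAMPLE = """\
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - fd=23 slot=23 LDAPS connection from 192.0.2.10:40647 to 192.0.2.20
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client CN=ldap-proxy,O=ZZZ,C=DE; issuer CN=XXX YYY,O=ZZZ,C=XX
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - closed.
[25/Sep/2009:11:37:13 +0200] conn=349 op=-1 msgId=-1 - fd=24 slot=24 LDAPS connection from 192.0.2.11:40650 to 192.0.2.20
"""

# Leading "[" is optional so lines damaged by copy/paste still parse.
LINE = re.compile(r"^\[?(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=-?\d+ msgId=-?\d+ - (?P<msg>.*)$")
OPEN = re.compile(r"LDAPS connection from (?P<src>\S+) to (?P<dst>\S+)")
SSLERR = re.compile(r"SSL error (?P<code>-?\d+) \((?P<text>[^)]*)\); "
                    r"unauthenticated client (?P<subject>.*?); issuer (?P<issuer>.*)$")

def find_tls_failures(lines):
    """Return one dict per logged SSL error, joined with the connection's source address."""
    src_by_conn = {}
    failures = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip truncated or unrelated lines
        conn, msg = m["conn"], m["msg"]
        if (o := OPEN.search(msg)):
            src_by_conn[conn] = o["src"]
        elif (e := SSLERR.search(msg)):
            failures.append({
                "time": m["ts"], "conn": conn,
                "source": src_by_conn.get(conn, "unknown"),
                "code": int(e["code"]), "reason": e["text"],
                "client_subject": e["subject"], "issuer": e["issuer"],
            })
    return failures

def summarize(failures):
    """Count failures per (error code, client subject) so a repeating client stands out."""
    counts = defaultdict(int)
    for f in failures:
        counts[(f["code"], f["client_subject"])] += 1
    return dict(counts)

if __name__ == "__main__":
    for failure in find_tls_failures(SAMPLE.splitlines()):
        print(failure)
```
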

Changes

 

Cause
