My Oracle Support Banner

Directory Proxy Server (DPS) Fails To Connect To Directory Server (DS) with, 'certificate_unknown' error (Doc ID 1326577.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.
***Checked for relevance on 10-Apr-2014***


Directory Proxy Server (DPS) will not be able to connect with the backend Directory Server (DS) instances. The DS access log will show the following error.

25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - fd=23 slot=23 LDAPS connection from x.x.x.x:40647 to x.x.x.x
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client,CN=ldap-proxy,OU=XXX,O=ZZZ,L=YYY,ST=AAA,C=DE; issuer,CN=XXX YYY,OU=XXX,O=ZZZ,ST=AAA,C=XX
[25/Sep/2009:11:37:12 +0200] conn=348 op=0 msgId=-1 - closing from x.x.x.x:40647 - B4 - Server failed to flush BER data back to client -
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - closed.

and the DPS errors log displays:

25/Sep[/2009:11:37:12 +0200] - CONN - WARN - [Thread main] Unable to create a connection to LDAP server ldap1.zzz.xx:636/Exception: Unable to perform SSL initialization on socket to -- Received fatal alert: certificate_unknown




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.