My Oracle Support Banner

Directory Proxy Server (DPS) Fails To Connect To Directory Server (DS) with, 'certificate_unknown' error (Doc ID 1326577.1)

Last updated on FEBRUARY 01, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.


Directory Proxy Server (DPS) will not be able to connect with the backend Directory Server (DS) instances. The DS access log will show the following error.

25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - fd=23 slot=23 LDAPS connection from x.x.x.x:40647 to x.x.x.x
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - SSL error -8101 (Certificate type not approved for application.); unauthenticated client,CN=ldap-proxy,OU=XXX,O=ZZZ,L=YYY,ST=AAA,C=DE; issuer,CN=XXX YYY,OU=XXX,O=ZZZ,ST=AAA,C=XX
[25/Sep/2009:11:37:12 +0200] conn=348 op=0 msgId=-1 - closing from x.x.x.x:40647 - B4 - Server failed to flush BER data back to client -
[25/Sep/2009:11:37:12 +0200] conn=348 op=-1 msgId=-1 - closed.

and the DPS errors log displays:

25/Sep[/2009:11:37:12 +0200] - CONN - WARN - [Thread main] Unable to create a connection to LDAP server ldap1.zzz.xx:636/Exception: Unable to perform SSL initialization on socket to -- Received fatal alert: certificate_unknown




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.