SSL Client Authentication Fails with Estonian Client Certificates (Doc ID 1342438.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle HTTP Server - Version: 10.1.2.0.2 to 10.1.3.5.0 - Release: AS10gR2 to AS10gR3
Information in this document applies to any platform.

Symptoms

openssl x509 -noout -text -in clientcert64.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1298993560 (0x4d6d1198)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=EE, O=AS Sertifitseerimiskeskus, OU=Testsertifikaadid, CN=TEST
-SK
Validity
Not Before: Mar 1 15:32:40 2011 GMT
Not After : Apr 7 11:42:17 2012 GMT
Subject: C=EE, O=TEST-ESTEID, OU=authentication, CN=*****
K, GN=*******
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a0:32:44:4d:38:dd:90:9a:14:aa:a1:b3:8b:ec:
a1:81:65:eb:d6:a6:e6:36:4f:29:1d:46:04:de:41:
18:38:c3:14:e4:2f:45:08:e3:16:3c:0f:cc:74:af:
b7:9b:f4:1a:5c:29:29:9d:78:b8:fe:7c:f0:67:06:
fa:f9:26:cb:4c:3f:85:6b:7c:de:df:84:88:fd:b4:
ea:b0:11:8c:df:a6:4a:53:77:70:2d:ac:f9:16:1b:
c3:c4:b1:14:c5:23:d1:48:12:8c:74:d5:dd:5c:5f:
c3:fc:03:9d:5e:4d:b1:23:b2:c5:31:cc:18:ff:30:
a8:e6:08:3c:01:cc:f8:31:6f:40:a8:8f:1d:71:aa:
a9:29:20:6e:37:97:35:1f:e2:24:7e:c7:a1:c9:99:
33:42:5d:d3:73:bd:6c:33:56:86:e9:ef:1a:87:14:
06:d7:50:4a:03:07:57:8d:fe:b7:93:55:19:b2:f8:
b7:e7:bc:72:51:c9:59:e0:d7:0f:e8:17:f0:45:60:
41:d0:60:d9:9f:e9:c7:92:ba:29:a0:1e:10:70:b2:
ef:63:c5:3a:4c:46:dd:44:1c:d6:51:2e:89:9f:52:
69:18:32:dd:78:60:06:f1:bd:07:14:59:c9:6a:4b:
97:06:ed:80:4f:72:fd:6f:25:17:d4:26:59:80:72:
cd:c5
Exponent: 2127231375 (0x7ecaf98f)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
X509v3 CRL Distribution Points:
URI:xxx

X509v3 Subject Alternative Name:
email:xxxxxx
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.10015.3.1.1.1
User Notice:
Explicit Text: Testsertifikaat.
CPS: http:xxxx

qcStatements:
0
0......F..
X509v3 Authority Key Identifier:
keyid:02:05:27:DD:A8:72:87:B7:82:C0:5B:39:2A:7F:E3:38:F2:FA:52:0
9

X509v3 Subject Key Identifier:
B9:F2:EB:C4:96:C6:F9:42:EA:88:38:A4:D5:A8:1D:C6:B0:42:B9:24
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
1b:1c:20:00:dc:aa:8f:f9:e5:34:3d:90:d3:18:b3:b7:b6:c5:
16:a1:bd:34:35:e6:d5:a4:d7:05:71:87:4c:60:d4:18:d9:88:
a5:5f:b4:0b:88:61:da:d7:a2:b8:77:98:4b:45:25:d4:34:e9:
97:f9:03:fa:17:11:40:0a:fa:af:73:e2:79:34:b4:48:dc:61:
c4:8b:cf:46:bd:a0:32:3d:64:7c:22:c0:4e:2e:42:27:0b:f7:
51:d7:37:2c:30:db:54:3a:30:09:14:c9:41:41:06:58:8e:0f:
ad:94:3d:8a:df:e3:a8:d2:69:5d:19:95:d8:37:b4:15:5f:fa:
77:32:9c:87:28:32:0a:49:97:95:c8:c8:6a:4e:78:8d:71:96:
19:41:29:f4:55:86:2f:82:3c:2a:47:59:88:27:50:c9:92:f7:
00:de:a7:ac:fc:7b:dd:38:0f:b9:cd:9e:95:11:a3:55:a4:01:
ef:93:0f:2c:c9:66:63:21:ad:f8:43:c8:4e:7c:0a:10:87:39:
fd:8f:7c:03:06:73:5f:0a:6f:42:cc:fe:29:5c:9d:9f:1d:49:
d5:18:51:58:fd:fa:e9:21:95:c5:4a:31:ad:0a:c5:ea:0d:a3:
98:b1:9a:5a:2e:18:b2:76:76:e2:77:ba:5e:42:f5:b4:d0:d3:
36:e6:d0:94
[26-APR-2011 16:53:23:563] nzumalloc: entry
[26-APR-2011 16:53:23:563] nzumalloc: entry
[26-APR-2011 16:53:23:563] nzbsn_set_name: exit
[26-APR-2011 16:53:23:563] nzdksesv_store_enc_private: entry
[26-APR-2011 16:53:23:563] nzdksesv_store_enc_private: B_CreateKeyObject() returned error 524
[26-APR-2011 16:53:23:563] nzdksesv_store_enc_private: exit
[26-APR-2011 16:53:23:563] nzumalloc: entry
[26-APR-2011 16:53:23:563] nzumalloc: entry
[26-APR-2011 16:53:23:565] nzbec_expand_cert: returning error: 28750
[26-APR-2011 16:53:23:565] nzbd2c_DER_to_cert: nzbec_expand_cert() returned error 28750
[26-APR-2011 16:53:23:565] nzbd2c_DER_to_cert: returning error: 28750
[26-APR-2011 16:53:23:565] nzdcfcx_free_cert_ctx: entry
[26-APR-2011 16:53:23:565] nzdcfcx_free_cert_ctx: exit
[26-APR-2011 16:54:38:100] nzddrdi_deinit: entry
[26-APR-2011 16:54:38:100] nzddrdi_deinit: exit
26/Apr/2011 16:53:20 04234] [error] SSL call to NZ function nzosGetPeerCredential failed with error 1 (server server:443, client x.x.x.x)
[26/Apr/2011 16:53:20 04234] [error] Unknown error
[26/Apr/2011 16:53:20 04231] [error] SSL call to NZ function nzosGetPeerCredential failed with error 1 (server server:443, client x.x.x.x)
[26/Apr/2011 16:53:20 04231] [error] Unknown error
[26/Apr/2011 16:53:23 04232] [error] SSL call to NZ function nzosGetPeerCredential failed with error 1 (server server:443, client x.x.x.x)
[26/Apr/2011 16:53:23 04232] [error] Unknown error

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms