OID 11g After Reconfiguring For SSL Mode 2, EM FMW Control Console Fails with: Failed to load server configuration.Check the Internet Directory Server logs. Possible Error :"myoidhost.mycompany.com:636" | ldapbind Fails with: SSL handshake failed (Doc ID 1369063.1)

Last updated on FEBRUARY 14, 2019

Applies to:

Oracle Internet Directory - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms

The original Oracle Internet Directory (OID) 11g installation (11.1.1.4 or higher) had been working with Oracle Directory Services Manager (ODSM) and the Enterprise Manager (EM) Fusion Middleware (FMW) Control Console.

SSL was then configured per the following documentation, without creating an additional OID instance:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-03
Chapter 26 Configuring Secure Sockets Layer (SSL)

After this configuration and a restart of the processes, it is no longer possible to connect with ODSM or FMW EM.

In FMW EM > oid1 > Administration > Server properties, the fields are not populated and the following error is shown:

Failed to load server configuration.Check the Internet Directory Server logs. Possible Error :"<OID HOSTNAME:SSL PORT#>"

Logging into ODSM via port 636 fails with:

Error
Server <OID HOSTNAME:SSL PORT#>
has failed SSL verification. This may be due to a host
address or port problem or trust could not be
verified or was declined.

Command line ldapbind to port 636 also fails:

ldapbind -h <oid hostname> -p <SSL PORT#> -U 1 -D "cn=orcladmin" -q
Please enter bind password:
SSL handshake failed




As per the documentation, reverting to the original, default SSL mode 1 configuration on the oid1 instance was also tried, using the following steps:

Login to ODSM (via working non-ssl port) > Data Browser
Expand Root > cn=subconfigsubentry > cn=osdldapd > cn=oid1
On the right hand side, scroll down and make the following changes:
- Verify orclsslEnable is set to 2 (for both ssl and non-ssl access)
- Set orclsslAuthentication to 1 (for default mode 1 SSL)
- Ensure orclsslWalletURL is set to file:<nothing> (so file location is now empty)
Click Apply changes on top right of the screen
Stop then start the oid1 instance

But the same symptoms continued.
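
The ODSM revert steps above, expressed as LDIF for ldapmodify plus a check of the resulting instance entry. This is an added example, not Oracle's own script or part of the original note. The function names are hypothetical, the DN is assumed from the ODSM tree path in the steps, and the bind DN is the one used in the ldapbind command above.

```shell
#!/bin/sh
# Added example (not Oracle's script). DN assumed from the ODSM path in the steps.
OID_DN="cn=oid1,cn=osdldapd,cn=subconfigsubentry"

# LDIF equivalent of the three ODSM attribute edits.
revert_ldif() {
  cat <<EOF
dn: $OID_DN
changetype: modify
replace: orclsslenable
orclsslenable: 2
-
replace: orclsslauthentication
orclsslauthentication: 1
-
replace: orclsslwalleturl
orclsslwalleturl: file:
EOF
}

# Apply over the working non-SSL port: apply_revert <host> <non-ssl-port>
apply_revert() {
  f=$(mktemp) || return 1
  revert_ldif > "$f"
  ldapmodify -h "$1" -p "$2" -D "cn=orcladmin" -q -f "$f"; rc=$?
  rm -f "$f"; return "$rc"
}

# Read the instance entry (ldapsearch LDIF output) on stdin and report every
# attribute that does not hold the reverted value. Returns 1 on any deviation.
check_reverted() {
  awk '
    BEGIN { want["orclsslenable"] = "2"; want["orclsslauthentication"] = "1"
            want["orclsslwalleturl"] = "file:" }
    { i = index($0, ":"); if (!i) next
      k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1); sub(/^ +/, "", v)
      if (k in want) { seen[k] = 1
        if (v != want[k]) { printf "%s=%s (expected %s)\n", k, v, want[k]; bad = 1 } } }
    END { for (k in want) if (!(k in seen)) { printf "%s missing\n", k; bad = 1 }
          exit bad + 0 }'
}

# Constructed sample entry (values are illustrative, not from the page).
sample_entry() {
  printf '%s\n' "dn: $OID_DN" "orclsslenable: 2" \
    "orclsslauthentication: 32" "orclsslwalleturl: file:/constructed/path/wallet"
}

revert_ldif
sample_entry | check_reverted || true
```

After the stop and start of oid1, piping a base-scope ldapsearch of the same DN over the non-SSL port into check_reverted confirms whether the three values were actually stored.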

Changes

Reconfigured the oid instance for a different SSL mode.

Cause
