OID 11g After Reconfiguring For SSL Mode 2, EM FMW Control Console Fails with: Failed to load server configuration.Check the Internet Directory Server logs. Possible Error :"myoidhost.mycompany.com:636" | ldapbind Fails with: SSL handshake failed (Doc ID 1369063.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms

The original Oracle Internet Directory (OID) 11g installation (11.1.1.4 or higher) had been working with Oracle Directory Services Manager (ODSM) and Enterprise Manager (EM) Fusion Middleware (FMW) Control Console.

SSL was then configured per the following documentation, without creating an additional OID instance:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-03
Chapter 26 Configuring Secure Sockets Layer (SSL)

After this configuration and a restart of the processes, it is no longer possible to connect with ODSM or FMW EM.

In FMW EM > oid1 > Administration > Server properties, the fields are not populated and the following error is shown:

Failed to load server configuration.Check the Internet Directory Server logs. Possible Error :"myoidhost.mycompany.com:636"

Logging into ODSM via port 636 fails with:

Error
Server myoidhost.mycompany.com:636
has failed SSL verification. This may be due to a host
address or port problem or trust could not be
verified or was declined.

Command line ldapbind to port 636 also fails:

ldapbind -h <oid hostname> -p 636 -U 1 -D "cn=orcladmin" -q
Please enter bind password:
SSL handshake failed




As per the documentation, reverting to the original, default SSL mode 1 configuration on the oid1 instance was also tried, using the following steps:

Log in to ODSM (via the working non-SSL port) > Data Browser
Expand Root > cn=subconfigsubentry > cn=osdldapd > cn=oid1
On the right hand side, scroll down and make the following changes:
- Verify orclsslEnable is set to 2 (for both ssl and non-ssl access)
- Set orclsslAuthentication to 1 (for default mode 1 SSL)
- Ensure orclsslWalletURL is set to file:<nothing> (so file location is now empty)
Click Apply changes on top right of the screen
Stop then start the oid1 instance

But the same symptoms continued.
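
To confirm that the oid1 entry really holds the values the revert steps above set, the three attributes can be checked against an LDIF export of the entry. This Python checker is an added example, not part of the original note or of Oracle's tooling; the function names and the sample entry are constructed, and the values 0, 32 and 64 come from the OID documentation rather than from this page.

```python
import base64

# 2 (enable) and 1 (authentication) are this page's values; the others are from the OID docs.
SSL_ENABLE = {"0": "non-SSL only", "1": "SSL only", "2": "SSL and non-SSL"}
SSL_AUTH = {"1": "no authentication", "32": "server authentication", "64": "mutual authentication"}

def parse_ldif_entry(text):
    """Return {lower-cased attribute name: value} for a single LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    attrs = {}
    for line in (l for l in lines if ":" in l and not l.startswith("#")):
        name, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs[name.strip().lower()] = value.strip()
    return attrs

def check_ssl_settings(attrs):
    """Return findings for the three SSL attributes; an empty list means consistent."""
    enable = attrs.get("orclsslenable")
    auth = attrs.get("orclsslauthentication")
    wallet = attrs.get("orclsslwalleturl", "")
    wallet_path = wallet[5:] if wallet.lower().startswith("file:") else wallet
    findings = []
    if enable not in SSL_ENABLE:
        findings.append(f"orclsslenable={enable!r} is not one of 0, 1, 2")
    elif enable == "0":
        findings.append("orclsslenable=0: the SSL port is not enabled")
    if auth not in SSL_AUTH:
        findings.append(f"orclsslauthentication={auth!r} is not one of 1, 32, 64")
    elif auth != "1" and not wallet_path:
        findings.append(f"{SSL_AUTH[auth]} needs a wallet, but orclsslwalleturl is empty")
    elif auth == "1" and wallet_path:
        findings.append("mode 1 is set, but orclsslwalleturl still names a wallet")
    return findings

# Constructed sample: a half-reverted entry (wallet cleared, authentication left at 32).
SAMPLE = """dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
orclsslenable: 2
orclsslauthentication: 32
orclsslwalleturl: file:
"""

if __name__ == "__main__":
    print(check_ssl_settings(parse_ldif_entry(SAMPLE)))
```

An empty list means the entry matches one of the documented combinations; it does not by itself show that the running server has picked up the change, which still requires the stop and start of the instance.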

Changes

Reconfigured the oid instance for a different SSL mode.

Cause
