OID 11g After Reconfiguring For SSL Mode 2, EM FMW Control Console Fails with: Failed to load server configuration.Check the Internet Directory Server logs. Possible Error :"myoidhost.mycompany.com:636" | ldapbind Fails with: SSL handshake failed
(Doc ID 1369063.1)
Last updated on FEBRUARY 14, 2019
Applies to:Oracle Internet Directory - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Original Oracle Internet Directory (OID) 11g, i.e., 184.108.40.206 or higher, installation had been working with Oracle Directory Services Manager (ODSM) and Enterprise Manager (EM) Fusion MiddleWare (FMW) Control Console.
Configured SSL per following documentation without creating an additional oid instance:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-03
Chapter 26 Configuring Secure Sockets Layer (SSL)
After this configuration and restart of the processes, unable to connect with ODSM or FMW EM.
Using FMW EM > oid1 > Administration > Server properties, it does not populate the fields and shows error:
Logging into ODSM via port 636 fails with:
Server <OID HOSTNAME:SSL PORT#>
has failed SSL verification. This may be due to a host
address or port problem or trust could not be
verified or was declined.
Command line ldapbind to port 636 also fails:
Please enter bind password:
SSL handshake failed
As per documentation, also tried reverting back to the original and default SSL mode 1 configuration on the oid1 instance by performing the following steps:
Login to ODSM (via working non-ssl port) > Data Browser
Expand Root > cn=subconfigsubentry > cn=osdldapd > cn=oid1
On the right hand side, scroll down and make the following changes:
- Verify orclsslEnable is set to 2 (for both ssl and non-ssl access)
- Set orclsslAuthentication to 1 (for default mode 1 SSL)
- Ensure orclsslWalletURL is set to file:<nothing> (so file location is now empty)
Click Apply changes on top right of the screen
Stop then start the oid1 instance
But the same symptoms continued.
Reconfigured the oid instance for a different SSL mode.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document