My Oracle Support Banner

Standalone OID 11g (no WLS or EM) Configured for SSL Fails with: SSL handshake failed | [Root exception is Received fatal alert: handshake_failure] (Doc ID 2081341.1)

Last updated on FEBRUARY 22, 2018

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Standalone Oracle Internet Directory (OID) 11g with no GUI / WebLogic Server (WLS) or Enterprise Manager (EM) installed or integrated/registered.

Using the following procedure to configure for a new OID instance:
How To Add a Second OID Instance in Standalone OID 11g Where There Is No WLS Domain - Document 1911897.1

Applying SSL to the new OID instance as follows:

1. Create a wallet

./orapki wallet create -wallet ./wallet_oid -pwd *********

2. Create and add self sign certificate

./orapki wallet add -wallet ./wallet_oid -dn 'CN=Root,o=myorg' -keysize 1024 -self_signed -validity 3650 -pwd **********

3. Change ssl parameters in OID

orclsslAuthentication : 32
orclsslEnable: 2
orclsslPort: 3132
orclsslVersion: 3
orclsslWalletURL: file:/IDM/admin/oid_inst1/config/wallet_oid

But cannot connect through other non OVD client like JXplorer, receiving a handshake error:

javax.naming.CommunicationException: simple bind failed: [Root exception is Received fatal alert: handshake_failure]

Command line ldapbind also fails:

$ORACLE_HOME/bin/ldapbind  -h -p 3132 -U 2 -W file:/IDM/admin/oid_inst1/config/wallet_oid -Q
Please enter SSL wallet password:
 SSL handshake failed





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.