My Oracle Support Banner

Standalone OID 11g (no WLS or EM) Configured for SSL Fails with: SSL handshake failed | [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure] (Doc ID 2081341.1)

Last updated on FEBRUARY 22, 2018

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Standalone Oracle Internet Directory (OID) 11g 11.1.1.9 with no GUI / WebLogic Server (WLS) or Enterprise Manager (EM) installed or integrated/registered.

Using the following procedure to configure for a new OID instance:
How To Add a Second OID Instance in Standalone OID 11g Where There Is No WLS Domain - Document 1911897.1

Applying SSL to the new OID instance as follows:

1. Create a wallet

./orapki wallet create -wallet ./wallet_oid -pwd *********

2. Create and add self sign certificate

./orapki wallet add -wallet ./wallet_oid -dn 'CN=Root,o=myorg' -keysize 1024 -self_signed -validity 3650 -pwd **********

3. Change ssl parameters in OID

orclsslAuthentication : 32
orclsslEnable: 2
orclsslPort: 3132
orclsslVersion: 3
orclsslWalletURL: file:/IDM/admin/oid_inst1/config/wallet_oid

But cannot connect through other non OVD client like JXplorer, receiving a handshake error:

javax.naming.CommunicationException: simple bind failed: myoidhost.mycompany.com:3132 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]

Command line ldapbind also fails:

$ORACLE_HOME/bin/ldapbind  -h myoidhost.mycompany.com -p 3132 -U 2 -W file:/IDM/admin/oid_inst1/config/wallet_oid -Q
Please enter SSL wallet password:
 SSL handshake failed

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.