OVD Active Directory SSL Adapter Fails with Error "Cannot retrieve certificate"

(Doc ID 2086553.1)

Last updated on MAY 16, 2017

Applies to:

Oracle Virtual Directory - Version and later
Oracle Solaris on SPARC (64-bit)


JDK 1.6.0_45 on Solaris platform

Active Directory adapters are configured in OVD using SSL ports.
SSL connectivity works when the cipher in Active Directory is "AES128-SHA".
When the cipher is changed to "AES256-SHA" on the AD side, the connection stops working and the ODSM console shows the error "CA Certificate is not in Server Certificate Chain".

OVD diagnostic log shows the following error:

[octetstring] [NOTIFICATION] [OVD-60383] [com.octetstring.vde.util.SSL] [tid: 23] [ecid: 0000L2GVjxlFw000jzwkno1MAHOC00000D,0] Cannot retrieve certificate.[[
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not parse key values

Caused by: java.io.IOException: extra data given to DerValue constructor
at sun.security.util.DerValue.init(DerValue.java:368)
at sun.security.util.DerValue.<init>(DerValue.java:277)
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:991)
... 46 more

[octetstring] [ERROR] [OVD-60261] [com.octetstring.vde.admin.services.SSLMgmt] [tid: 23] [ecid: 0000L2GVjxlFw000jzwkno1MAHOC00000D,0] Cannot retrieve server certificate.[[
java.lang.Exception: Cannot retrieve certificate.



