OID 11g will not listen on SSL port after replacing certificate in wallet "gslsfliInitnzoscontext, failure with NZ 29106 when opening wallet" (Doc ID 2167975.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.1.7.0 version, Oracle Internet directory and Directory Integration Platform

When attempting to replace expired certificate in wallet
the following error occurs.

ERROR
-----------------------

In OID logs: (example)

Error from OID logs:
[2016-04-07T17:38:37-04:00] [OID] [ERROR:8] [23159] [OIDLDAPD] [host:
myOIDhost.us.oracle.com] [pid: 28330] [tid: 2] ServerListener :
In gslsfliInitnzoscontext, failure with NZ 29106 when opening wallet
file:/u01//mw/oidinst_1//OID/admin/oid1ssl.

[2016-04-07T17:38:37-04:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host:
myOIDhost.us.oracle.com] [pid: 28330] [tid: 2] ServerListener :
SSL wallet configuration incorrect,switching to SSL NO-AUTH mode.

 

DIP log (wls_ods1-diagnostics.log)
java.lang.Exception: Unable to locate the DIP Sync profile mbean - :oracle.idm.integration.sync.config:*:


LDAPBIND attempt:

./ldapbind -h myOIDhost.us.oracle.comt -p 389 -U 2 -D cn=orcladmin -q -W "/u01//mw/oidinst_1//OID/admin/oid1ssl" -Q

Unable to open wallet

Changes

 Replacing expired wallets

Oct CPU Patch 2015 - and higher enforces RFC 3280 (if the CPU has not been applied, you may not hit this issue)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms