OUD 11g/12c - After Changing Replication Server Certificate, ldapsearch Returns "Could not decrypt an attribute" Error for Encrypted Attribute (Doc ID 2352747.1)

Last updated on OCTOBER 16, 2020

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


After changing the Replication Server certificate, ldapsearch returns a "Could not decrypt an attribute" error for an encrypted attribute:

$ ldapsearch -h localhost -p <LDAP_PORT> -D "cn=<DS_ADMIN>" -w <PASSWORD> -b "<SUFFIX_DN>" -s sub uid=<UID1>
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)

The OUD server logs the following error:

[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries



The Replication Server certificate expired, and a new certificate (ads-certificate) was created.



