OUD11g - After changing Replication Server Certificate, ldapsearch returns "Could not decrypt an attribute" Error for Encrypted Attribute

(Doc ID 2352747.1)

Last updated on JANUARY 26, 2018

Applies to:

Oracle Unified Directory - Version 11.1.2.3.1 to 11.1.2.3.180116 [Release 11g]
Information in this document applies to any platform.

Symptoms

After changing the Replication Server Certificate, ldapsearch returns a "Could not decrypt an attribute" error for an encrypted attribute:

$ ldapsearch -h localhost -p 2389 -D "cn=Directory Manager" -w Oracle123 -b "dc=example,dc=com" -s sub uid=user1
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)

The OUD server error log shows the following entry:

[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries
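A small detector for this failure mode, added here as an example (it is not part of the Oracle note and not OUD code): it parses error-log lines in the layout shown above and flags entries with msgID 262967 whose message carries the key-identifier mismatch text, so monitoring can raise a stale-key alert before clients see Protocol Error results. The sample log is constructed: the middle line is the one quoted in this note, and the two neighbouring lines (including their message IDs) are invented for contrast.

```python
import re
from datetime import datetime

# Layout of the OUD error-log line quoted in this note:
# [dd/Mon/yyyy:HH:MM:SS +zzzz] category=... severity=... msgID=... msg=...
_ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+"
    r"category=(?P<category>\S+)\s+"
    r"severity=(?P<severity>\S+)\s+"
    r"msgID=(?P<msgid>\d+)\s+"
    r"msg=(?P<msg>.*)$"
)

# Message ID and text observed in the log excerpt above; the key-mismatch
# phrase is what separates a stale-key failure from other decrypt errors.
DECRYPT_MSGID = 262967
KEY_MISMATCH_PHRASE = "symmetric key identifier in the data prologue does not match"


def parse_entry(line):
    """Split one OUD error-log line into fields; returns None for other lines."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "category": m["category"],
        "severity": m["severity"],
        "msgid": int(m["msgid"]),
        "msg": m["msg"],
    }


def is_stale_key_decrypt_failure(entry):
    """True when the entry is the CryptoManager failure this note describes."""
    return (
        entry["msgid"] == DECRYPT_MSGID
        and entry["severity"] == "SEVERE_ERROR"
        and KEY_MISMATCH_PHRASE in entry["msg"]
    )


def scan(lines):
    """Return (timestamp, msg) for every stale-key decrypt failure in lines."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry and is_stale_key_decrypt_failure(entry):
            hits.append((entry["timestamp"], entry["msg"]))
    return hits


# Constructed sample: the line from this note plus two made-up neighbours
# (a routine NOTICE and an unrelated SEVERE_ERROR, invented msgIDs) that
# must not match.
SAMPLE_LOG = [
    "[30/Oct/2017:11:07:40 -0500] category=CORE severity=NOTICE msgID=458887 "
    "msg=The Directory Server has started successfully",
    "[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 "
    "msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied "
    "data because the symmetric key identifier in the data prologue does not match "
    "any known key entries",
    "[30/Oct/2017:11:08:01 -0500] category=CORE severity=SEVERE_ERROR msgID=999999 "
    "msg=Constructed unrelated error for contrast",
]

if __name__ == "__main__":
    for ts, msg in scan(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {msg}")
```

Feed the server's error log to scan() (one line per element); a non-empty result after a certificate change is the signal to check that the instance still holds the symmetric keys that encrypted the stored data, rather than treating the client-side Protocol Error as a network problem.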


Changes

The Replication Server Certificate expired and a new certificate (ads-certificate) was created to replace it.


Cause
