Oracle HTTP Server Fail to Start with the Error "No SSL Wallet [hint: SSLWallet]" when Wallet Containing a SHA2 Self Signed Certificate is Used
(Doc ID 2439461.1)
Last updated on FEBRUARY 16, 2024
Applies to:
Oracle HTTP Server - Version 11.1.1.7.0 and later
Information in this document applies to any platform.
Symptoms
Oracle HTTP Server 11.1.1.9 fails to start when a wallet containing a self-signed SHA2 certificate is used.
The OHS log file shows this:
[2018-09-17T14:26:14.1071+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]
[2018-09-17T14:26:25.0599+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]
Debug logging was enabled as follows:
Set these in "httpd.conf":
ErrorLog "${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/error_log"
LogLevel debug
OraLogMode apache
Create a "sqlnet.ora" file in the '$ORACLE_HOME/network/admin' directory:
TRACE_LEVEL_SERVER=16
TRACE_DIRECTORY_SERVER=<path_to_oracle_home>/network/admin
Reference: <Note:2127982.1> - How To Debug Oracle HTTP Server (OHS) And SSL (NZ) In FMW 11G (11.1.1.X) And FMW 12C (12.1.X AND 12.2.X)
After the above steps, the OHS error log shows this:
[Mon Sep 17 14:57:32 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:32 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:33 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]
[Mon Sep 17 14:57:43 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:43 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:44 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]
Trace file shows this:
[02-JUL-2018 10:43:56:211] Using wallet locator from caller argument ..
[02-JUL-2018 10:43:56:211] nzdcpgfd_get_file_data: entry
[02-JUL-2018 10:43:56:211] nzdcpaf_assemble_filename: entry
[02-JUL-2018 10:43:56:211] snzdafn_assemble_filename: entry
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\ewallet.p12 with READ ONLY permissions
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\cwallet.sso with READ ONLY permissions
[02-JUL-2018 10:43:56:227] nzirretrieve: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzhewencPkcs12wlttoWallet: entry
[02-JUL-2018 10:43:56:227] p12 decode failed with error 10039. nzerr=29106
[02-JUL-2018 10:43:56:227] nzhewRetrieveencwltBlob: exit
[02-JUL-2018 10:43:56:227] Could not open wallet from file:<PATH TO>\user: NZ error 29106
[02-JUL-2018 10:43:56:227] nztwOpenWallet: exit
[02-JUL-2018 10:43:56:227] nlse_term_audit: entry
[02-JUL-2018 10:43:56:227] nlse_term_audit: exit
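The following triage script is an added example, not Oracle tooling or part of the original note: it reads an NZ trace like the one above and reports which wallet files were opened and where the open failed, which separates a wrong SSLWallet path from a wallet that was found but could not be decoded. The function name `triage_nz_trace` and the report keys are hypothetical; the sample lines are excerpted from the trace on this page.

```python
import re

# Excerpt of the NZ trace shown above; <PATH TO> is the page's own placeholder.
SAMPLE_TRACE = r"""
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\ewallet.p12 with READ ONLY permissions
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\cwallet.sso with READ ONLY permissions
[02-JUL-2018 10:43:56:227] nzhewencPkcs12wlttoWallet: entry
[02-JUL-2018 10:43:56:227] p12 decode failed with error 10039. nzerr=29106
[02-JUL-2018 10:43:56:227] Could not open wallet from file:<PATH TO>\user: NZ error 29106
[02-JUL-2018 10:43:56:227] nztwOpenWallet: exit
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$")
OPENED = re.compile(r"^Opening file (?P<path>.+) with (?P<mode>.+) permissions$")
DECODE = re.compile(r"^p12 decode failed with error (?P<err>\d+)\. nzerr=(?P<nzerr>\d+)$")
FAILED = re.compile(r"^Could not open wallet from file:(?P<loc>.+): NZ error (?P<nzerr>\d+)$")


def triage_nz_trace(text):
    """Summarise wallet-open activity in an NZ trace (hypothetical helper)."""
    report = {"files_opened": [], "decode_errors": [], "open_failures": []}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a trace entry
        ts, msg = m["ts"], m["msg"]
        if (o := OPENED.match(msg)):
            report["files_opened"].append(o["path"])
        elif (d := DECODE.match(msg)):
            report["decode_errors"].append((ts, int(d["err"]), int(d["nzerr"])))
        elif (f := FAILED.match(msg)):
            report["open_failures"].append((ts, f["loc"], int(f["nzerr"])))
    # Wallet files were located and the trace got as far as the PKCS#12 decode
    # before failing: this suggests looking at the wallet contents rather than
    # at the SSLWallet path that the OHS error message hints at.
    report["failed_at_p12_decode"] = bool(
        report["files_opened"] and report["decode_errors"])
    return report


if __name__ == "__main__":
    for key, value in triage_nz_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```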
Changes
By default, the self-signed certificate is created and added with the MD5 algorithm. SHA2 certificates were created using steps that were incorrect.
Cause