Oracle HTTP Server Fail to Start with the Error "No SSL Wallet [hint: SSLWallet]" when Wallet Containing a SHA2 Self Signed Certificate is Used (Doc ID 2439461.1)

Last updated on FEBRUARY 16, 2024

Applies to:

Oracle HTTP Server - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Oracle HTTP Server 11.1.1.9, fails to start when wallet containing a self signed SHA2 certificate is used.

ohs log file shows this:

[2018-09-17T14:26:14.1071+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]
[2018-09-17T14:26:25.0599+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]

Enabled debug as below:

Set these in "httpd.conf":

ErrorLog "${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/error_log"
LogLevel debug
OraLogMode apache

Create a "sqlnet.ora" file in '$ORACLE_HOME/network/admin' directory.
TRACE_LEVEL_SERVER=16
TRACE_DIRECTORY_SERVER=<path_to_oracle_home>/network/admin

Reference:
--------
<Note:2127982.1> - How To Debug Oracle HTTP Server (OHS) And SSL (NZ) In FMW 11G (11.1.1.X) And FMW 12C (12.1.X AND 12.2.X)

After above steps OHS error log shows this:

[Mon Sep 17 14:57:32 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:32 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:33 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]
[Mon Sep 17 14:57:43 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:43 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:44 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]

trace file shows this:
------------
[02-JUL-2018 10:43:56:211] Using wallet locator from caller argument ..
[02-JUL-2018 10:43:56:211] nzdcpgfd_get_file_data: entry
[02-JUL-2018 10:43:56:211] nzdcpaf_assemble_filename: entry
[02-JUL-2018 10:43:56:211] snzdafn_assemble_filename: entry
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\ewallet.p12 with READ ONLY permissions
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\cwallet.sso with READ ONLY permissions
[02-JUL-2018 10:43:56:227] nzirretrieve: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzhewencPkcs12wlttoWallet: entry
[02-JUL-2018 10:43:56:227] p12 decode failed with error 10039. nzerr=29106
[02-JUL-2018 10:43:56:227] nzhewRetrieveencwltBlob: exit
[02-JUL-2018 10:43:56:227] Could not open wallet from file:<PATH TO>\user: NZ error 29106
[02-JUL-2018 10:43:56:227] nztwOpenWallet: exit
[02-JUL-2018 10:43:56:227] nlse_term_audit: entry
[02-JUL-2018 10:43:56:227] nlse_term_audit: exit

Changes

By default, the self signed certificate gets created and added with MD5 algorithm. SHA2 certs were created using the steps which was incorrect.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle HTTP Server Fail to Start with the Error "No SSL Wallet [hint: SSLWallet]" when Wallet Containing a SHA2 Self Signed Certificate is Used (Doc ID 2439461.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!