My Oracle Support Banner

Oracle HTTP Server Fail to Start with the Error "No SSL Wallet [hint: SSLWallet]" when Wallet Containing a SHA2 Self Signed Certificate is Used (Doc ID 2439461.1)

Last updated on AUGUST 15, 2019

Applies to:

Oracle HTTP Server - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Oracle HTTP Server 11.1.1.9, fails to start when wallet containing a self signed SHA2 certificate is used.

ohs log file shows this:

[2018-09-17T14:26:14.1071+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]
[2018-09-17T14:26:25.0599+05:30] [OHS] [ERROR:32] [OHS-201] [core.c] [host_id: <HOSTNAME>] [host_addr: IP] [pid: <PID>] [tid: <TID>] [user: <USER>] [VirtualHost: <HOSTNAME>:4443] No SSL Wallet [hint: SSLWallet]

Enabled debug as below:

Set these in "httpd.conf":
ErrorLog "${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/error_log"
LogLevel debug
OraLogMode apache
Create a "sqlnet.ora" file in '$ORACLE_HOME/network/admin' directory.
TRACE_LEVEL_SERVER=16
TRACE_DIRECTORY_SERVER=<path_to_oracle_home>/network/admin
Reference:
--------
<Note:2127982.1> - How To Debug Oracle HTTP Server (OHS) And SSL (NZ) In FMW 11G (11.1.1.X) And FMW 12C (12.1.X AND 12.2.X)

After above steps OHS error log shows this:

[Mon Sep 17 14:57:32 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:32 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:33 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:33 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:33 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]
[Mon Sep 17 14:57:43 2018] [debug] aime_www\www\src\modplsql\sosd\swwwap.c(1004): mod_plsql: plsql_start called
[Mon Sep 17 14:57:43 2018] [info] mod_unique_id: using ip addr IP
[Mon Sep 17 14:57:44 2018] [info] OHS:2012 Init: Initializing (virtual) servers for SSL
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [debug] ssl_engine_init.c(1447): OHS:2055 Init: (HOSTNAME:9999) Configuring permitted SSL ciphers [SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
[Mon Sep 17 14:57:44 2018] [info] OHS:2058 Configuring server for SSL protocol
[Mon Sep 17 14:57:44 2018] [error] OHS:2016 No SSL Wallet [hint: SSLWallet]
trace file shows this:
------------
[02-JUL-2018 10:43:56:211] Using wallet locator from caller argument ..
[02-JUL-2018 10:43:56:211] nzdcpgfd_get_file_data: entry
[02-JUL-2018 10:43:56:211] nzdcpaf_assemble_filename: entry
[02-JUL-2018 10:43:56:211] snzdafn_assemble_filename: entry
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\ewallet.p12 with READ ONLY permissions
[02-JUL-2018 10:43:56:211] nziropen: entry
[02-JUL-2018 10:43:56:211] nzdfo_open: entry
[02-JUL-2018 10:43:56:211] snzdfo_open_file: entry
[02-JUL-2018 10:43:56:211] Opening file <PATH TO>\cwallet.sso with READ ONLY permissions
[02-JUL-2018 10:43:56:227] nzirretrieve: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzdfr_reset: entry
[02-JUL-2018 10:43:56:227] nzdfr_reset: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzirclose: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: entry
[02-JUL-2018 10:43:56:227] nzdfc_close: exit
[02-JUL-2018 10:43:56:227] nzhewencPkcs12wlttoWallet: entry
[02-JUL-2018 10:43:56:227] p12 decode failed with error 10039. nzerr=29106
[02-JUL-2018 10:43:56:227] nzhewRetrieveencwltBlob: exit
[02-JUL-2018 10:43:56:227] Could not open wallet from file:<PATH TO>\user: NZ error 29106
[02-JUL-2018 10:43:56:227] nztwOpenWallet: exit
[02-JUL-2018 10:43:56:227] nlse_term_audit: entry
[02-JUL-2018 10:43:56:227] nlse_term_audit: exit

Changes

By default, the self signed certificate gets created and added with MD5 algorithm. To get a SHA2 certificate, followed steps similar to the one mentioned in the below document
<Note:1914184.1> - How To Create A SHA2 Certificate Using Oracle Wallet And ORAPKI ? 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.