
Website Throwing ERR_BAD_SSL_CLIENT_AUTH_CERT when using Two Way SSL Authentication (Doc ID 2980258.1)

Last updated on FEBRUARY 02, 2024

Applies to:

Oracle HTTP Server - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

When attempting to establish a two-way SSL connection, some clients get the following error:

ERR_BAD_SSL_CLIENT_AUTH_CERT


The OHS log file does not contain this error message; it shows only the following errors:

<Timestamp and other site specific details> OHS:2182 NZ Trace function: nzospRead
<Timestamp and other site specific details> OHS:2183 NZ Trace message: I/O channel closed - closing connection (-6980)
<Timestamp and other site specific details> OHS:2182 NZ Trace function: SSL_Info
<Timestamp and other site specific details> OHS:2183 NZ Trace message: error in SSLv3 read client certificate A
<Timestamp and other site specific details> OHS:2182 NZ Trace function: nzosr_Renegotiate
<Timestamp and other site specific details> OHS:2183 NZ Trace message: R_SSL_read() failed with SSL error=5 and NZ error=28750
<Timestamp and other site specific details> OHS:2107 SSL re-negotiation failed, nzos_RequestRenegotiation returned 28750
<Timestamp and other site specific details> OHS:2171 NZ Library Error: Unknown error



The client appears to close the connection, and the browser never prompts for the client certificate, so it is never passed to OHS.

In this documented case the certificates are stored on Common Access Cards (CAC), but the issue should affect any two-way SSL communication.
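
One way to find this signature in an OHS log, as an added example that is not part of the Oracle document: the script pairs each NZ trace function line (OHS:2182) with its message (OHS:2183) and reports every OHS:2107 renegotiation failure together with the traces logged just before it. The sample prefixes are constructed placeholders, the function names and the window of 8 traces are assumptions, and the script assumes the lines of one failed handshake are adjacent in the log.

```python
import re
from collections import deque

# Text before "OHS:<id>" (timestamp, site-specific fields) is treated as opaque.
OHS_RE = re.compile(r"OHS:(\d+)\s+(.*)$")
FN, MSG = "NZ Trace function: ", "NZ Trace message: "

# Constructed sample: message text from the article, placeholder prefixes.
SAMPLE = """\
[prefix-1] OHS:2182 NZ Trace function: nzospRead
[prefix-2] OHS:2183 NZ Trace message: I/O channel closed - closing connection (-6980)
[prefix-3] OHS:2182 NZ Trace function: SSL_Info
[prefix-4] OHS:2183 NZ Trace message: error in SSLv3 read client certificate A
[prefix-5] OHS:2182 NZ Trace function: nzosr_Renegotiate
[prefix-6] OHS:2183 NZ Trace message: R_SSL_read() failed with SSL error=5 and NZ error=28750
[prefix-7] OHS:2107 SSL re-negotiation failed, nzos_RequestRenegotiation returned 28750
[prefix-8] OHS:2171 NZ Library Error: Unknown error
""".splitlines()

def parse_events(lines):
    """Yield ('trace', function, message) for 2182/2183 pairs, else ('ohs', id, text)."""
    pending_fn = None
    for line in lines:
        m = OHS_RE.search(line)
        if not m:
            continue
        code, text = m.group(1), m.group(2).strip()
        if code == "2182" and text.startswith(FN):
            pending_fn = text[len(FN):]
        elif code == "2183" and text.startswith(MSG):
            yield ("trace", pending_fn, text[len(MSG):])
            pending_fn = None
        else:
            yield ("ohs", code, text)

def find_client_cert_failures(lines, window=8):
    """Return one record per OHS:2107 failure with the NZ traces logged just before it."""
    failures, traces = [], deque(maxlen=window)
    for kind, a, b in parse_events(lines):
        if kind == "trace":
            traces.append((a, b))
        elif a == "2107":
            m = re.search(r"returned (\d+)", b)
            msgs = [msg for _, msg in traces]
            failures.append({
                "nz_error": int(m.group(1)) if m else None,
                "client_cert_read_failed": any("read client certificate" in s for s in msgs),
                "peer_closed": any("I/O channel closed" in s for s in msgs),
                "traces": list(traces),
            })
            traces.clear()
    return failures
```

A record with both `client_cert_read_failed` and `peer_closed` set matches the symptom described here: the client closed the connection during renegotiation without presenting a certificate.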

Changes

A new client certificate has been provided to some clients, and the clients with the new certificate are failing. The clients using the original certificates are still working.

Cause
