Website Throwing ERR_BAD_SSL_CLIENT_AUTH_CERT when using Two Way SSL Authentication
(Doc ID 2980258.1)
Last updated on FEBRUARY 02, 2024
Applies to:
Oracle HTTP Server - Version 12.2.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
When attempting to establish two-way SSL connection some clients get an error.
ERR_BAD_SSL_CLIENT_AUTH_CERT
The OHS log file does not contain this error message but only shows the errors.
<Timestamp and other site specific details> OHS:2182 NZ Trace function: nzospRead
<Timestamp and other site specific details> OHS:2183 NZ Trace message: I/O channel closed - closing connection (-6980)
<Timestamp and other site specific details> OHS:2182 NZ Trace function: SSL_Info
<Timestamp and other site specific details> OHS:2183 NZ Trace message: error in SSLv3 read client certificate A
<Timestamp and other site specific details> OHS:2182 NZ Trace function: nzosr_Renegotiate
<Timestamp and other site specific details> OHS:2183 NZ Trace message: R_SSL_read() failed with SSL error=5 and NZ error=28750
<Timestamp and other site specific details> OHS:2107 SSL re-negotiation failed, nzos_RequestRenegotiation returned 28750
<Timestamp and other site specific details> OHS:2171 NZ Library Error: Unknown error
The client appears to close the connection and the client certificate is not requested in the browser so it is never passed to OHS.
In this documented case the certificates are stored on Common Access Cards (CAC) but this should affect any two way SSL communication.
Changes
A new client certificate has been provided to some clients and the clients with the new certificate are failing. The clients using the original certificates are still working.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |