My Oracle Support Banner

SSL Failure : NZ Error - 28757 Upon SSL Ldapbind From Database To Ldap Directory Server (Doc ID 444714.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle Internet Directory - Version: to
Oracle Security Service - Version: to
This problem can occur on any platform.
Abbreviations in this document are

OID => oracle internet directory
AD => active directory
SSL => secure socket layer
DB => Database


You have a custom procedure at the DB end that connects to a directory server (OID or AD) 
using LDAP SSL (port 636). This procedure stops working and now is returning status 28757,
when the call "DBMS_LDAP.open_ssl" is made within the procedure.

You have tested the connection with 'ldapbind' and the same error "SSL Failure : NZ Error - 28757"

[cmd-prompt]$ ldapbind -D <admin user> -w <admin password> -U 2
-h <hostname> -p <ssl port/636>  -W <wallet location> -P <wallet password> 
SSL Failure : NZ Error - 28757

Importing the directory server certificate set (root certificate and trusted certificate) into OWM, 
fails with "Some trusted certificates could not be installed"

(4) 'mkwallet -q <root/trusted directory server certificate>' reports "Failed to retrieve certificate" 

(5) This happens only on this particular environment.  You have another isolated test environment
with an another directory server and the error does not reproduce there,
neither using similar custom procedure nor from 'ldapbind' utility from the same DB home.


Installed new certificates at the LDAP directory server side (OID or AD)


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process, and therefore has not been subject to an independent technical review.

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.