My Oracle Support Banner

SSL Failure : NZ Error - 28757 Upon SSL Ldapbind From Database To Ldap Directory Server (Doc ID 444714.1)

Last updated on MARCH 05, 2019

Applies to:

Oracle Internet Directory - Version to [Release Oracle10g to 10g]
Oracle Security Service - Version to
Information in this document applies to any platform.
Oracle Security Service - Version: to
This problem can occur on any platform.
Abbreviations in this document are

OID => oracle internet directory
AD => active directory
SSL => secure socket layer
DB => Database


You have a custom procedure at the DB end that connects to a directory server (OID or AD) 
using LDAP SSL (port 636). This procedure stops working and now is returning status 28757,
when the call "DBMS_LDAP.open_ssl" is made within the procedure.

You have tested the connection with 'ldapbind' and the same error "SSL Failure : NZ Error - 28757"

[cmd-prompt]$ ldapbind -D <admin user> -w <admin password> -U 2
-h <hostname> -p <ssl port/636>  -W <wallet location> -P <wallet password> 
SSL Failure : NZ Error - 28757

Importing the directory server certificate set (root certificate and trusted certificate) into OWM, 
fails with "Some trusted certificates could not be installed"

(4) 'mkwallet -q <root/trusted directory server certificate>' reports "Failed to retrieve certificate" 

(5) This happens only on this particular environment.  You have another isolated test environment
with an another directory server and the error does not reproduce there,
neither using similar custom procedure nor from 'ldapbind' utility from the same DB home.


Installed new certificates at the LDAP directory server side (OID or AD)


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.