SSL Failure : NZ Error - 28757 Upon SSL Ldapbind From Database To Ldap Directory Server (Doc ID 444714.1)

Last updated on JULY 19, 2007

Applies to:

Oracle Internet Directory - Version: 10.1.0.4.2 to 10.2.0.3.0
Oracle Security Service - Version: 10.1.0.4.2 to 10.2.0.3.0
This problem can occur on any platform.
Abbreviations used in this document:

OID => Oracle Internet Directory
AD => Active Directory
SSL => Secure Sockets Layer
DB => Database

Symptoms

(1)
You have a custom procedure at the DB end that connects to a directory server (OID or AD)
using LDAP over SSL (port 636). This procedure has stopped working and now returns status 28757
when the call "DBMS_LDAP.open_ssl" is made within the procedure.

(2)
You have tested the connection with 'ldapbind' and it returns the same error, "SSL Failure : NZ Error - 28757":

[cmd-prompt]$ ldapbind -D <admin user> -w <admin password> -U 2
-h <hostname> -p <ssl port/636>  -W <wallet location> -P <wallet password> 
SSL Failure : NZ Error - 28757

(3)
Importing the directory server certificate set (root certificate and trusted certificate) into OWM
fails with "Some trusted certificates could not be installed".

(4)
'mkwallet -q <root/trusted directory server certificate>' reports "Failed to retrieve certificate".

(5)
This happens only in this particular environment. You have another, isolated test environment
with another directory server, and the error does not reproduce there,
either with a similar custom procedure or with the 'ldapbind' utility from the same DB home.

Changes

Installed new certificates at the LDAP directory server side (OID or AD)

Cause
