My Oracle Support Banner

Oracle Client Is Sometimes Loosing Possiblity To Connect Using Certificates (HSM/PKCS#11) (Doc ID 1515662.1)

Last updated on MARCH 10, 2019

Applies to:

Advanced Networking Option - Version and later
Information in this document applies to any platform.


When the user is connected to the HSM device  via a oracle client which has created a SSL session to the database, if the  smart card is removed and reinserted, subsequent HSM PKCS11 connection would lead to a client getting random errors like ORA-43017 or crashes.

In earlier versions 10g client and 11.1. client, the same scenario causes the client to crash. But in 11.2 client the error 43017 is produced and sqlplus has to be restarted.

If the smart card is left in place, the problem never arises.


Fatal NI connect error 43017, connecting to:

    TNS for 32-bit Windows: Version - Production
    éx  Time: 03-JUN-2012 21:26:34
  Tracing to file: D:<PATH>\sqlnet_4396.trc
  Tns error struct:
    ns main err code: 12560
    TNS-12560: TNS: Fehler bei Protokolladapter
    ns secondary err code: 0
    nt main err code: 546
    TNS-00546: Fehler bei Steuerelement
    Oracle error 1: 43017
ORA-43017: pkcs11: Kein Zertifikat auf Smartcard/HSM gefunden
    nt secondary err code: 0
    nt OS err code: 0




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.