Oracle Client Is Sometimes Loosing Possiblity To Connect Using Certificates (HSM/PKCS#11)
(Doc ID 1515662.1)
Last updated on MARCH 10, 2019
Applies to:
Advanced Networking Option - Version 11.2.0.3 and laterInformation in this document applies to any platform.
Symptoms
When the user is connected to the HSM device via a oracle client which has created a SSL session to the database, if the smart card is removed and reinserted, subsequent HSM PKCS11 connection would lead to a client getting random errors like ORA-43017 or crashes.
In earlier versions 10g client and 11.1. client, the same scenario causes the client to crash. But in 11.2 client the error 43017 is produced and sqlplus has to be restarted.
If the smart card is left in place, the problem never arises.
Fatal NI connect error 43017, connecting to:
(DESCRIPTION=(ADDRESS=(COMMUNITY=xxxxx)(PROTOCOL=TCPS)(HOST=xxxxxx)(PORT=xxxxx))(CONNECT_DATA=(SID=xxxxx)(SERVICE_NAME=xxxxx)(SERVER=DEDICATED)(CID=(PROGRAM=C:\Programs\product\11.2.0\client_2\bin\sqlplus.exe)(HOST=myhostname)(USER=user1)))(SECURITY=(SSL_SERVER_CERT_DN=CN=xxxx,CN=OracleContext,OU=Service,OU=CA,O=UBS,C=CH)))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 11.2.0.3.0 - Production
éx Time: 03-JUN-2012 21:26:34
Tracing to file: D:<PATH>\sqlnet_4396.trc
Tns error struct:
ns main err code: 12560
TNS-12560: TNS: Fehler bei Protokolladapter
ns secondary err code: 0
nt main err code: 546
TNS-00546: Fehler bei Steuerelement
Oracle error 1: 43017
ORA-43017: pkcs11: Kein Zertifikat auf Smartcard/HSM gefunden
nt secondary err code: 0
nt OS err code: 0
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |