Oracle Client Is Sometimes Loosing Possiblity To Connect Using Certificates (HSM/PKCS#11) (Doc ID 1515662.1)

Last updated on MARCH 10, 2019

Applies to:

Symptoms

When the user is connected to the HSM device  via a oracle client which has created a SSL session to the database, if the  smart card is removed and reinserted, subsequent HSM PKCS11 connection would lead to a client getting random errors like ORA-43017 or crashes.

In earlier versions 10g client and 11.1. client, the same scenario causes the client to crash. But in 11.2 client the error 43017 is produced and sqlplus has to be restarted.

If the smart card is left in place, the problem never arises.

Fatal NI connect error 43017, connecting to:
 (DESCRIPTION=(ADDRESS=(COMMUNITY=xxxxx)(PROTOCOL=TCPS)(HOST=xxxxxx)(PORT=xxxxx))(CONNECT_DATA=(SID=xxxxx)(SERVICE_NAME=xxxxx)(SERVER=DEDICATED)(CID=(PROGRAM=C:\Programs\product\11.2.0\client_2\bin\sqlplus.exe)(HOST=myhostname)(USER=user1)))(SECURITY=(SSL_SERVER_CERT_DN=CN=xxxx,CN=OracleContext,OU=Service,OU=CA,O=UBS,C=CH)))

  VERSION INFORMATION:
    TNS for 32-bit Windows: Version 11.2.0.3.0 - Production
    éx  Time: 03-JUN-2012 21:26:34
  Tracing to file: D:<PATH>\sqlnet_4396.trc
  Tns error struct:
    ns main err code: 12560
    TNS-12560: TNS: Fehler bei Protokolladapter
    ns secondary err code: 0
    nt main err code: 546
    TNS-00546: Fehler bei Steuerelement
    Oracle error 1: 43017
ORA-43017: pkcs11: Kein Zertifikat auf Smartcard/HSM gefunden
    nt secondary err code: 0
    nt OS err code: 0

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.