PKCS 11 Wallet doesn't read Smartcard (CAC Card) from reader - ORA-43013 (pkcs11 Failed to change certC provider)
(Doc ID 2742193.1)
Last updated on JANUARY 17, 2021
Applies to:
Advanced Networking Option - Version 12.1.0.2 and laterInformation in this document applies to any platform.
Symptoms
DoD customer trying to create a PKCS11 wallet so that they can read a DoD CAC (smartcard) certificate for sqlplus login.
The card reader software is HID Global/ActivIdentity and the dll is acpkcs211.dll.
C:\temp>orapki wallet display -wallet owm
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
PKCS11 token information:
Library:C:\Program Files (x86)\<XXX> \ActivClient\acpkcs211.dll
Token label:ActivID ActivClient 0
Token passphrase:
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject: CN=DoD Root <>
Subject: CN=DOD ID <>
Now try to do a p11_verify to test that the wallet is reading the certificate from the smartcard.
orapki just sits for a few seconds and returns a blank screen without any errors.
C:\temp>orapki wallet p11_verify -wallet owm
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Then if you try to use the wallet with sqlplus, you get the following error: ORA-43013 (pkcs11 Failed to change certC provider)
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |