My Oracle Support Banner

Siebel Gateway Security Profile Creation Fails with LDAPSSL when LDAP Server RootCA Certificate Is Using Signature Algorithm Name As SHA256withECDSA (Doc ID 2681931.1)

Last updated on JUNE 18, 2020

Applies to:

Siebel CRM - Version 20.2 and later
Information in this document applies to any platform.

Symptoms

Siebel Gateway Security profile creation fails with LDAPSSL when LDAP/AD server rootCA certificate is generated with signature algorithm SHA256withECDSA

 

STEPS

---------

  1. Install siebel 17.0+20.x
  2. Create wallet using AD root cert and copy wallet to $ses/applicationcontainer/certs folder
  3. Login to SMC and create gateway
  4. While creating security profile, choose LDAPSecAdpt 
  5. Provide all LDAP values
  6. Click SSL and provide wallet password
  7. Submit profile, it fails with error: Validation Failed 


ERROR
-----------------------

$AI/applicationcontainer/logs/catalina*.out

Using OraclePKI Provider
javax.net.ssl.TrustManagerFactory supported
javax.net.ssl.KeyManagerFactory supported
Using OracleJSSE103 Provider
OracleKeyStoreSpi: Loading wallet from stream
OracleKeyStoreSpi.engineLoad:getting channel..
OracleKeyStoreSpi.engineLoad:locking file (shared)..
OracleKeyStoreSpi.engineLoad:locked file.
OracleKeyStoreSpi.engineLoad:releasing lock..
OracleKeyStoreSpi.engineLoad:closing channel..
java.io.IOException: Unrecognized algorithm identifier.
              at oracle.security.crypto.util.CryptoUtils.inputSPKI(Unknown Source)
              at oracle.security.crypto.cert.X509.input(X509.java:392)
              at oracle.security.crypto.cert.X509.<init>(X509.java:114)
              at oracle.security.crypto.cert.PKCS12CertBag.input(PKCS12CertBag.java:124)
              at oracle.security.crypto.cert.PKCS12CertBag.<init>(PKCS12CertBag.java:78)
              at oracle.security.crypto.cert.PKCS12Bag.inputBag(PKCS12Bag.java:82)
              at oracle.security.crypto.cert.PKCS12Safe.input(PKCS12Safe.java:213)
              at oracle.security.crypto.cert.PKCS12Safe.<init>(PKCS12Safe.java:120)
              at oracle.security.crypto.cert.PKCS12.input(PKCS12.java:179)
              at oracle.security.crypto.cert.PKCS12.<init>(PKCS12.java:119)
              at oracle.security.pki.OracleKeyStoreSpi.engineLoad(Unknown Source)
              at java.security.KeyStore.load(KeyStore.java:1445)
              at com.siebel.securityadapter.LDAPAuthenticator.getOracleWalletKeyStore(LDAPAuthenticator.java:199)
              at com.siebel.securityadapter.LDAPAuthenticator.SecurityLogin(LDAPAuthenticator.java:278)
              at com.siebel.securityadapter.SecurityManager.LoginInst(SecurityManager.java:410)
              at com.siebel.securityadapter.SecurityManager.TestAuthenticate(SecurityManager.java:574)
              at com.siebel.opcgw.cloudgateway.config.SecurityProfileResource.validateSecurityProfile(SecurityProfileResource.java:506)
              at com.siebel.opcgw.cloudgateway.config.SecurityProfileResource.bootstrapSecurityProfile(SecurityProfileResource.java:666)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.