APEX

Have apex environment (originally 3.1.2 now 3.2) workiing fine under http server 10.1.3. regular http port 7777.
After going thru the ssl and wallet documentation steps to apply certificates supplied to me, and scouring all the blogs, I'm still failing under https 4443 with:

SSL call to NZ function nzos_Handshake failed with error 29040

The default oracle ewallet.p12 lets me in after first complaining about the certificates. I made a new wallet, with owm, and added in the trusted certs that are suppsoed to match our internal browsers. Thats when things go wrong.

I've tried, and of course bounced opmnctl with stopall, startall after changing each one:
(1) in opmn.xml verified <ssl enabled="true"
(2) auto-logon checked in the wallet with cwallet.sso,
(3) left it off, regen'd wallet and set SSLWalletPassword to it's value,
(4) tried and verified different wallet locations and the right settings in ssl.conf. (feel confident the ssl.conf settings work cause I can cause other errors by commenting out SSLWalletPassword in ssl.conf with auto-logon=off),
(5) SSLVerifyClient set to none
(6) in opmn.xml verified <data id="start-mode" value="ssl-enabled"/>
(7) set LogLevel in httpd.conf to Debug (more output but nothing obviously usefull)
(8) set SSLLogLevel in ssl.conf to debug (more output but nothing obviously usefull)

any ideas would be much appreciated. AND especially does anyone know what the default password is for that default ewallet.p12 ?
if it told me during install I must have missed it. first born for that cause maybe I can modify it and add in my certs ?