Can't connect to OID using SSL (handshake failed NZerr 29039)

maleks, Oct 12 2008 — edited Nov 16 2008
Hi!

I'm trying to set up OID running on Windows Server 2003 for testing purposes.
I have downloaded the files as_windows_x86_oim_oif_101401_disk(1/2) and installed Oracle Internet Directory only.
I'm able to connect using standard clear text and using Oracle Directory Manager.

I have followed the instructions on this page (chapter 17):
[http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ssl.htm]

Using Oracle Wallet Manager I have generated a certificate request with the key size of 2048.
I'm unsure what I was supposed to enter into the subject name of the request, so I entered just "oid_idm"; it looks like this now: "CN=oid_idm,C=US".
I then used my Novell eDirectory CA to sign the request and to generate the certificate. I exported the CA certificate from eDirectory and imported it into the wallet; it's listed under Trusted Certificates as "META-TREE". I then imported my signed certificate into the wallet, and it says Certificate:Ready now.

The wallet is saved into C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS.
Auto Login is enabled.

Using Directory Manager I right-clicked Configuration Set1 and selected "Create Like"

I configured the new set to listen on non-SSL port 1389 and SSL port 1636,
SSL Authentication: No SSL Authentication
SSL Enable: SSL only
SSL Wallet URL: file:C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS
SSL Port: 1636

Then I changed the OracleServiceORCL to run as Administrator. Restarted the server, started the new instance (2).

Using this command on the OID server I can connect:

ldapsearch -D cn=orcladmin -w secret -U 1 -h 192.168.0.101 -p 1636 -b dc=lab -s base "objectclass=*"

Trying to connect from my Linux server using its own ldapsearch doesn't work; I get the error: ldap_bind: Can't contact LDAP server
Trying to connect using Apache Directory Studio or LDAP Browser\Editor also doesn't work (SSL connection).

I can see the following in the log no matter which of the three tools above I try to use:

2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
* (NZerr 29039)

Any ideas what I can do to solve this issue?

Thanks!
Post Details
Locked on Dec 14 2008
Added on Oct 12 2008
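
The log entry quoted in the post spans two lines, with the NZerr code on a continuation line. As an added example (not part of the original post and not Oracle code), this Python script joins such continuation lines and counts failed SSL handshakes per client and NZerr code, which shows whether every client fails the same way. The line layout is assumed from the single entry shown; every sample line other than that entry, including `exampleFunc` and `LINUXBOX`, is constructed.

```python
import re
from collections import Counter

# Layout assumed from the one entry quoted in the post:
#   <timestamp> * <thread> * <level> * <function> * <message>
# followed by optional continuation lines that start with "*".
HEADER = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d:\d\d:\d\d:\d\d) \* (?P<thread>\S+) \* "
    r"(?P<level>\w+) \* (?P<func>\w+) \* (?P<msg>.*)$")
SOURCE = re.compile(r"Source address: ([\d.]+)\(([^)]*)\)")
NZERR = re.compile(r"\(NZerr (\d+)\)")

# First entry is the one from the post; the rest are constructed samples.
SAMPLE_LOG = """\
2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
* (NZerr 29039)
2008/10/12:13:01:40 * Main:0 * NOTICE * exampleFunc * constructed non-SSL entry
2008/10/12:13:02:11 * SSLthread:20 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.20(LINUXBOX)
* (NZerr 29039)
2008/10/12:13:03:30 * SSLthread:21 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
* (NZerr 29039)
"""

def parse_handshake_failures(text):
    """Return one dict per failed SSL handshake, joining continuation lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append(m.groupdict())
        elif entries and line.startswith("*"):
            # Continuation line: append it to the most recent entry.
            entries[-1]["msg"] += " " + line.lstrip("* ").strip()
    failures = []
    for e in entries:
        if e["level"] != "ERROR" or e["func"] != "gslsflnNegotiateSSL":
            continue
        src, code = SOURCE.search(e["msg"]), NZERR.search(e["msg"])
        failures.append({
            "time": e["ts"],
            "ip": src.group(1) if src else None,
            "host": src.group(2) if src else None,
            "nzerr": code.group(1) if code else None,
        })
    return failures

def summarize(failures):
    """Count failures per (client IP, NZerr code)."""
    return Counter((f["ip"], f["nzerr"]) for f in failures)

if __name__ == "__main__":
    for (ip, code), n in summarize(parse_handshake_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {n} failed handshake(s), NZerr {code}")
```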