Current position:  Home > Default > IE unable to connect to Oracle HTTP Server v10.1.2 with SSL

IE unable to connect to Oracle HTTP Server v10.1.2 with SSL

Time:December 10
Advertisement
Hi,
I configured OHS with SSL to run APEX applications.
This configuration can be run from Mozilla browsers and Opera, but not from Internet Explorer.
I suspect that IE doesn't support 256-bit encryption, as both browser above support it. So I set several combination of SSL Cipher Suite in ssl.conf. I also set IE to use TLS v1, SSLv2, and SSLv3. But this doesn't show any results. I also found that several sites which has 256 bit encryption (read the information from Mozilla and Opera browser) can also be opened by IE (read as 128 bit encryption). So I guess the encryption is not the problem, and I move on to the Apache error_log files.
What I found from Apache's error_log.xxxx is
[error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server ---.---.com:4443, client --.--.--.--)
[error] mod_ossl: Unknown error
[error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server ---.---.com:4443, client --.--.--.--)
[error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
So I looked in the Metalink and found Note:312041.1 and applied patch 4960210 and restart the server. But now it wouldn't start at all, despite that all configuration files were not changed.
Any help would be greatly appreciated.
Regards,
Aulia Bismar
Advertisement
You can use any PKCS#12 file with OHS if it includes the complete private key and certificate chain. With Oracle Wallet Manager (owm) you could also create a private key, import it, import the CA certificate as trusted certificate, create a certificate request for the private key, get the certificate response from the CA and import this.
If you use an unsual CA, ie cacert.org, you must import the CA root certificate as a trusted server certificate for IE.
--olaf