tags:

views:

1028

answers:

2

Hi,

We've got an Apache instance deployed through Oracle Application Server. It's currently installed with the default wallet, and, the self-signed certificate. We've got a GEOTRUST certificiate, imported the Trusted Roots and imported the new Cert to the Wallet Manager. We've then updated the SSL properties of the VHOST and the HTTP_SERVER through Enterprise Manager.

Things have restarted fine, however, we now can't connect to the Apache service, we're getting the error:

"call to NZ function nzos_Handshake failed"

This seems to point to a problem with the root Certs, but, in my opinion these are registered with the Wallet correctly.

Anyone seen this before and have some pointers?

Thanks

Andrew

+1  A: 

Had the same problem with an Apache/JBoss configuration
look at your httpd.conf, you should have three lines:

SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCACertificateFile /usr/local/ssl/crt/EV_intermediate.crt

The last line is needed because the Geotrust root CA is not known by most older and some newer servers (you would not have to do this with a verisign or instantssl cert, for instance).

Tony BenBrahim
A: 

Hmm, this seems exactly the right solution, however, I'm using the Wallet Manager and the certificates aren't specified as you suggest. You simply point to the wallet manager. I have however imported the root certificates to the wallet with no effect.

Thanks

Andrew

Andrew Taylor