Join our mailing list Subscribe Us
Home
EBS

OHS Start Failed: Nzos Call NzosSetCredential Returned 28791

 Issue is due to more than one user certificate in the Wallet.

"orapki display" command output showing two User Certificates:
% orapki wallet display -wallet .

Requested Certificates:
User Certificates:
Subject:    CN=myServer,OU=myOrg,OU=myUnit,OU=myLocality,O=myState,C=myCountry
Subject:    CN=myServer,OU=myOrg,OU=myUnit,OU=myLocality,O=myState,C=myCountry

Trusted Certificates:
Solution:
1. Identify if wallet is auto_login or auto_login_only.
auto_login_only wallets contain one file:  cwallet.sso (not including .lck file)
auto_login     wallets contain two files: cwallet.sso, ewallet.p12 (not including .lck files)

2. Make a copy of your wallet file(s).


3. Use orapki command to obtain Distinguished Name (DN) of your User Certificates:
<ORACLE_HOME>/oracle_common/bin/orapki wallet display -wallet ReplaceWithWalletDirectoryPath
Sample orapki output of "User Certificates" section:
User Certificates:
Subject:    CN=myServer,OU=myOrg,OU=myUnit,OU=myLocality,O=myState,C=myCountry
Subject:    CN=myServer,OU=myOrg,OU=myUnit,OU=myLocality,O=myState,C=myCountry
From example above the DN is:
CN=myServer,OU=myOrg,OU=myUnit,OU=myLocality,O=myState,C=myCountry
    
4. Remove all user certificates from the wallet since it could be unknown which user certificate is the intended one to be used.
Repeat orapki remove command until all user certificates are removed from the wallet, replace ReplaceWithWalletDirectoryPath and ReplaceWithDNFromPreviousStep with your actual values.  
auto_login_only wallet:
<ORACLE_HOME>/oracle_common/bin/orapki wallet remove -wallet ReplaceWithWalletDirectoryPath -dn 'ReplaceWithDNFromPreviousStep' -user_cert -auto_login_only

auto_login wallet:
<ORACLE_HOME>/oracle_common/bin/orapki wallet remove -wallet ReplaceWithWalletDirectoryPath -dn 'ReplaceWithDNFromPreviousStep' -user_cert
 
5. Import the user certificate into the wallet. Replace userCertFileName with actual user certificate filename.
auto_login_only wallet:
orapki wallet add -wallet ReplaceWithWalletDirectoryPath -user_cert -cert userCertFileName -auto_login_only

auto_login wallet:
orapki wallet add -wallet ReplaceWithWalletDirectoryPath -user_cert -cert userCertFileName