OHS -- Unable to initialize SSL environment, nzos call nzosSetCredential returned 28791 OHS:2171 NZ Library Error: Unknown error

Today, I'm going to share a rather annoying OHS error and its solution. Sometimes these kinds of errors can really make you spend lots of time diagnosing, right? Luckily, we've figured out the fix and wanted to share it with you. Maybe it'll save someone some time.

If you've encountered the following error in your OHS log file when trying to start OHS, you're not alone!

Error:
Unable to initialize SSL environment, nzos call nzosSetCredential returned 28791 OHS:2171 NZ Library Error: Unknown error

I will assume that you already created your wallet and imported your certificate(s).

I mean you already properly executed the sequence of commands I have given example below , but still getting OHS:2171 NZ Library Error: Unknown Error..

orapki wallet create -wallet . -auto_login_only
orapki wallet add -wallet . -dn 'CN=BLABLA,OU=FOR TESTING ONLY,O=FOR TESTING ONLY' -keysize 2048 -self_signed -validity 3650 -auto_login_only-

-Ref: Doc ID 2729766.1 12c: How to Recreate the Default Wallet that has Expired from Oracle HTTP Server

Actually, this issue is generic and can be encountered in lots of cases where you couldn't place certificates in the right wallet, or where you didn't correctly specified your wallet location in ssl.conf but !I already assumed that you did everything right in this context, and still encountering the issue.

So, in that case, you should check your admin.conf. There may be a misalignment between the server name written in the admin.conf and the server name (DN - CN) you used while executing "orapki wallet add" command..

For instance, if you have a real server name (rather than localhost) written in admin.conf you should use the same server name while importing your certificate into your wallet using "orapki wallet add" command. That is, if you have the real server name in the admin.conf,  and if you use localhost rather than that server name in orapki wallet add command, you may end up with this. You may still import your certificate but your OHS won't start and it will fail and report "nzosSetCredential returned 28791 OHS:2171 NZ Library Error: Unknown error."

The best practice (and the solution) is to have the real server name in the admin conf (as the ServerName value) and use that server name in the orapki add -wallet -dn command (example command: orapki wallet add -wallet . -dn 'CN=exampleservername,OU=FOR TESTING ONLY,O=FOR TESTING ONLY' -keysize 2048 -self_signed -validity 3650 -auto_login_only)