Our root CA certificate for Active Directory expired and no AD users could login to Oracle Portal. Seeded OID users could sstill login (e.g. orcladmin). We issued a new root CA cert and imported it into the Oracle Wallet, but users still cannot login. The PL/SQL plug-ins have been deleted and recreated. All OAS components, including the database, were restarted. Debugging the PL/SQL plug-ins yields the message "open_ssl failed error: 28759", which I think means there is an issue opening the wallet.
We are running Oracle Portal 10.1.4, OID 10.1.4.3 on WIndows with Widows 2008 AD as the external authentication provider (via PL/SQL plug-ins). Oracle database is on separate Linux server.
We can't switch to the Java external authentication plug-ins because we need o preserve user's group memberships and permissions (e.g. orclguid issue with deleting all users).