OID 11g - How To Create New OID Instance And Configure For SSL Server Auth (mode 2) (Self-Signed Wallet Example)
(Doc ID 1203271.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Goal
The out-of-box configuration for OID has a non-SSL port and an SSL port configured for mode 1, which is encryption only. If you need to configure DIP synchronization to a remote source over SSL, or if you need to install the ADPassword Filter, each of these requires SSL mode 2 (server authentication).
To set up OID to run in mode 2 (server authentication), it is suggested that you create a new/second OID instance and configure it accordingly.
For background on OID modes see the following documentation:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-02 Chapter/Topic 25.1.3 SSL Authentication Modes
Note that it states the following:
Additionally, the Oracle Directory Services Manager (ODSM) and Directory Integration Platform (DIP) are also configured to run in mode 1. While they can be reconfigured for mode 2 it is easier to:
- Continue running ODSM in mode 1
- Don't run DIP in the default instance
- Reconfigure DIP to run in new OID instance (this is covered in note 1203927.1)
Solution
In this Document
- Goal
- Solution
- Part 3 - Alternate Method for Reconfiguring the New Instance for SSL
- References