
ODSEE - Client Certificate-Based Authentication Over SSL to Oracle Directory Server (Part II) (Doc ID 1287204.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 and later
Information in this document applies to any platform.


This document is divided into 2 parts:


SSL Workflow between Client and Server

The steps below show the exchange between client and server that establishes client authentication with binary verification of the user certificate.

  1. Client sends client_hello to Server

  2. Server responds with server_hello and its certificate. Server requests the client certificate

  3. Client replies with its certificate and exchanges the session key

  4. SSL connection established

  5. Server searches for the subject DN of the client certificate. In our example here it is cn=USER.1,ou=people,<SUFFIX_DN>

  6. From the user entry cn=USER.1,ou=people,<SUFFIX_DN>, server fetches the value of the "userCertificate:" attribute, which is an exact copy of the client's certificate. Server uses this value to verify the client's identity for binding to the directory.

  7. After authentication, the LDAP operation will be performed as usual
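
Steps 5 and 6 can be checked offline against an LDIF export of the user entry. The following is an added example, not Oracle's code: it parses the entry (including folded base64 lines), matches it to the certificate's subject DN, and compares the stored userCertificate value byte for byte with the presented certificate. The function names, the dc=example,dc=com suffix and the placeholder certificate bytes are assumptions made for the illustration.

```python
import base64
import hmac

def parse_ldif_entry(ldif):
    """Parse one LDIF entry into (dn, {lowercased attr: [bytes, ...]})."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")             # "attr:: value" means base64 data
        value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode()
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def dn_key(dn):
    """Simplified DN match key (ignores case and spacing; no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def verify_client_cert(subject_dn, presented_der, ldif):
    """Return the bind DN if steps 5 and 6 both succeed, else None."""
    dn, attrs = parse_ldif_entry(ldif)
    if dn is None or dn_key(dn) != dn_key(subject_dn):
        return None                            # step 5: no entry for this subject
    stored = attrs.get("usercertificate;binary", []) + attrs.get("usercertificate", [])
    # step 6: the attribute may be multi-valued; one exact binary match is enough
    return dn if any(hmac.compare_digest(der, presented_der) for der in stored) else None

def fold(line, width=76):
    return "\n ".join(line[i:i + width] for i in range(0, len(line), width))

# Constructed sample data: placeholder bytes, not a real certificate.
CLIENT_DER = bytes(range(200))
USER_DN = "cn=USER.1,ou=people,dc=example,dc=com"  # assumed stand-in for <SUFFIX_DN>
LDIF = "\n".join([
    "dn: " + USER_DN,
    "objectClass: inetOrgPerson",
    fold("userCertificate;binary:: " + base64.b64encode(CLIENT_DER).decode()),
])

if __name__ == "__main__":
    print(verify_client_cert("CN=USER.1, OU=people, DC=example, DC=com", CLIENT_DER, LDIF))
```

A result of None for a known user usually means the stored value is stale (for example, the certificate was renewed but the entry was not updated) or the subject DN does not resolve to the expected entry.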

Questions and Answers


In this Document
 SSL Workflow between Client and Server
Questions and Answers
 Directory Server
 1) Client authentication
 2) CLIENT_SSL keystore/truststore
 3) User Certificate Request (for user id <USER.1>)
 4) Signing the user certificate request with a certificate authority
 5) Adding the user signed certificate to the CLIENT_SSL truststore/keystore
 6) Verifying that the certificate added is trusted/valid
 7) Certmap.conf
 8) LDAPS request
 9) Certificate mapping verification
