11g - How To Configure OID For SSL Mutual Auth (mode U 3)
Last updated on MARCH 08, 2017
Applies to:Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
The 11g Documentation in the Oracle Internet Directory Admin Guide is incomplete with regards to how to set up OID for mutual auth over SSL. It only shows:
27.6.3 Testing SSL With Client and Server Authentication
Use this method to test an SSL configuration with SSL client and server authentication configured.
Oracle Internet Directory supports the Certificate Matching Rule. The DN and password passed on the ldapbind command line are ignored. Only the DN from the certificate or the certificate hash is used for authorization.
To use the bind DN (Distinguished Name) from the client certificate, the syntax is:
ldapbind -U 3 -h host -p port -W "file:DIRECTORY_CONTAINING_WALLET" -Q
It only provides how to test it. There is no procedure on how to set it up.
This document provides a detailed step-by-step procedure to acheive Client and Server Authentication over SSL for OID ldap operations.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms