11g - How To Configure OID For SSL Mutual Auth (mode U 3)
(Doc ID 1311791.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Goal
The 11g documentation in the Oracle Internet Directory Admin Guide is incomplete with regard to how to set up OID for mutual authentication over SSL. It only shows:
Use this method to test an SSL configuration with SSL client and server authentication configured.
Oracle Internet Directory supports the Certificate Matching Rule. The DN and password passed on the ldapbind command line are ignored. Only the DN from the certificate or the certificate hash is used for authorization.
See Also: "Direct Authentication".
To use the bind DN (Distinguished Name) from the client certificate, the syntax is:
ldapbind -U 3 -h host -p port -W "file:DIRECTORY_CONTAINING_WALLET" -Q
That excerpt only shows how to test the configuration. It gives no procedure for setting it up.
This document provides a detailed step-by-step procedure to achieve client and server authentication over SSL for OID LDAP operations.
Solution