11g - How To Configure OID For SSL Mutual Auth (mode U 3)

(Doc ID 1311791.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


The 11g documentation in the Oracle Internet Directory Admin Guide is incomplete with regard to setting up OID for mutual authentication over SSL. It only shows:

27.6.3 Testing SSL With Client and Server Authentication

Use this method to test an SSL configuration with SSL client and server authentication configured.

Oracle Internet Directory supports the Certificate Matching Rule. The DN and password passed on the ldapbind command line are ignored. Only the DN from the certificate or the certificate hash is used for authorization.

See Also:
"Direct Authentication".

To use the bind DN (Distinguished Name) from the client certificate, the syntax is:

ldapbind -U 3 -h host -p port -W "file:DIRECTORY_CONTAINING_WALLET" -Q

That section only shows how to test the configuration. It gives no procedure for setting it up.

This document provides a detailed step-by-step procedure to achieve Client and Server Authentication over SSL for OID LDAP operations.

