ODSEE - Questions on the Directory Server and Trust for CA Issued Certificates
(Doc ID 1322483.1)
Last updated on JULY 31, 2019
Applies to: Oracle Directory Server Enterprise Edition - Version 5.1 and later
Information in this document applies to any platform.
***Checked for relevance on 14-May-2013***
What is the best way to handle the trust of Private CA signed SSL certificates between DS servers in a replication topology?
One of the major things that breaks when trust cannot be established is replication over SSL between the servers in the topology. In addition, strict clients fail to trust the issuer of the certificate and close SSL- or TLS-based connections without completing the LDAPS request.
In this scenario, a private certificate authority issues the SSL server certificates, including those for the directory servers. Today, trust is established and maintained by importing specific server certificates between systems. As the number of servers grows, and as the servers' certificates expire and new ones are issued over time, this will become complex to manage.