Questions On The Directory Server And Trust For CA Issued Certificates

(Doc ID 1322483.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.1 and later
Information in this document applies to any platform.
***Checked for relevance on 14-May-2013***


What is the best way to handle the trust of Private CA signed SSL certificates between DS servers in a replication topology?

One of the major things that breaks when this trust cannot be established is replication over SSL between the servers in the topology. In addition, strict clients fail to trust the issuer of the certificate and close SSL- or TLS-based connections without completing the LDAPS request.

In this scenario, SSL server certificates, including those for the directory servers, are issued by a private certificate authority. To establish and maintain trust, specific server certificates are currently imported between systems. As the number of servers grows, and as server certificates expire over time and new ones are issued, this will become complex to manage.

