Questions On The Directory Server And Trust For CA Issued Certificates (Doc ID 1322483.1)

Last updated on OCTOBER 11, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.1 and later
Information in this document applies to any platform.
***Checked for relevance on 14-May-2013***

Goal

What is the best way to handle the trust of Private CA signed SSL certificates between DS servers in a replication topology?

One of the major things that breaks when this trust cannot be established is replication over SSL between the servers in the topology. In addition, strict clients fail to trust the issuer of the certificate and close SSL or TLS based connections without completing the LDAPS request.

In this scenario, SSL server certificates, including those for the directory servers, are issued by a private certificate authority. To establish and maintain trust, specific server certificates are currently imported between systems. As the number of servers grows, and as certificates expire over time and new ones are issued, this will become complex to manage.


Solution
