
DPS 6.3.1.1 - When "allow-cert-based-auth" is set to "require" DPS does not Request Client Certificate (Doc ID 1324962.1)

Last updated on MAY 17, 2021

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 SP1 to 6.3.1 SP1 DPS6.3.1.1 [Release 6.0]
Information in this document applies to any platform.





Symptoms

# dpadm -V
[dpadm]
dpadm               : 6.3.1.1 B2009.1106.0259 NAT

[DPS]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory-Proxy-Server/6.3.1.1 B2009.1106.0259


DPS is not requesting the client's certificate when the client authentication is set to "require".

The examples below show the handshake output for each Client authentication value:

* Client authentication set to "Require":

# openssl s_client -connect <HOST>:<SSL_PORT>
CONNECTED(00000004)
...
---
No client certificate CA names sent
---
SSL handshake has read 961 bytes and written 314 bytes
---




* Client authentication set to "Allow":

# openssl s_client -connect <HOST>:<SSL_PORT>
CONNECTED(00000004)
...
---
Acceptable client certificate CA names
/C=COUNTRY/L=LOCALE/OU=Services/O=ORGANIZATION/CN=TEST_NAME
/CN=XYZ:2233
/O=ORGANIZATION/CN=Directory Server//CN=XYZ
/O=ORGANIZATION/CN=Directory Server//CN=XYZ
---
SSL handshake has read 1327 bytes and written 326 bytes
---





* Client authentication set to "Do Not Allow":

# openssl s_client -connect <HOST>:<SSL_PORT>
CONNECTED(00000004)
...
---
No client certificate CA names sent
---
SSL handshake has read 961 bytes and written 314 bytes
---


Note: To verify the current authentication setting, run the following Directory Proxy command and check the value of the allow-cert-based-auth attribute:

$ dpconf get-server-prop -h HOST -p PORT

Another way is to look up the value of the allow-cert-based-auth attribute in the conf.ldif file.
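
The comparison made in the transcripts above can be scripted. The following is an added example, not Oracle code and not part of the original document: it reads openssl s_client output and reports whether the handshake matches the configured setting. The function names are hypothetical, the setting labels are the ones used on this page, and the sample inputs are constructed from the transcripts above.

```shell
#!/bin/sh
# Added example (not Oracle code). Reads `openssl s_client` output on stdin.

# Print "requested" if the server listed acceptable client CA names,
# "not-requested" if s_client reported none, "unknown" if neither line appears.
cert_request_seen() {
    awk '
        /^Acceptable client certificate CA names/ { r = "requested" }
        /^No client certificate CA names sent/    { r = "not-requested" }
        END { print (r == "" ? "unknown" : r) }'
}

# check_dps_client_auth SETTING   (SETTING: require | allow | "do not allow")
# Exit 0: handshake matches the setting; 1: mismatch; 2: cannot decide.
check_dps_client_auth() {
    setting=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    observed=$(cert_request_seen)
    case "$setting" in
        require|allow)  expected=requested ;;
        "do not allow") expected=not-requested ;;
        *) echo "unrecognised setting: $1"; return 2 ;;
    esac
    if [ "$observed" = unknown ]; then
        echo "no CA-names line in input"
        return 2
    fi
    if [ "$observed" = "$expected" ]; then
        echo "OK: setting '$setting', certificate $observed"
        return 0
    fi
    echo "MISMATCH: setting '$setting' expects $expected, server: $observed"
    return 1
}

# Constructed sample inputs, trimmed from the transcripts on this page.
sample_no_request() {
    printf '%s\n' 'CONNECTED(00000004)' '---' \
        'No client certificate CA names sent' '---'
}
sample_request() {
    printf '%s\n' 'CONNECTED(00000004)' '---' \
        'Acceptable client certificate CA names' '/CN=XYZ:2233' '---'
}

# Live use (HOST and SSL_PORT are placeholders, as on the page):
#   openssl s_client -connect <HOST>:<SSL_PORT> </dev/null 2>/dev/null |
#       check_dps_client_auth require
```

An exit status of 1 with the setting "require" corresponds to the symptom described here. s_client prints the same "No client certificate CA names sent" line when a server requests a certificate with an empty CA list, so a "not-requested" result means only that no CA names were advertised.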

Cause
