11g - How To Configure OVD/OID Adapter For SSL Mutual Auth (mode U 3)
Last updated on OCTOBER 26, 2017
Applies to: Oracle Virtual Directory - Version 184.108.40.206.0 and later
Oracle Internet Directory - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
To complement the official documentation, this Note provides a detailed step-by-step procedure to achieve Client and Server Authentication over SSL for the OVD / OID LDAP adapter.
Use this method to achieve PKI Certificate Authentication of the OID Proxy user rather than supplying a username and password in the OVD Adapter configuration.
Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory 11g Release 1 (11.1.1) Part Number E10046-06
12.1.2 Configuring a Mutual Authentication SSL Connection Between Oracle Virtual Directory and Oracle Internet Directory
At the time of writing (version 18.104.22.168), the following statements had some typographical errors - they have been corrected in the 22.214.171.124 Documentation:
If $ORACLE_INSTANCE/config/OVD/ovd1/adapters.jks does not exist, create it with a self-signed certificate to store the trusted certificates by using the following command:
Should Say: $ORACLE_INSTANCE/config/OVD/ovd1/keystores/adapters.jks
Import the Oracle Internet Directory server certificate created in step 2 to the Oracle Virtual Directory keystore as a trusted entry using the following command:
Should Say: Import the Oracle Internet Directory server certificate created in step 3 to the Oracle Virtual Directory keystore as a trusted entry using the following command:
The following instruction is missing from step 7:
* Select SSL Authentication Mode "Server only Authentication/Mutual Authentication"