11g - How To Configure OVD/OID Adapter For SSL Mutual Auth (mode U 3)
(Doc ID 1449118.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Virtual Directory - Version 11.1.1.5.0 and later
Oracle Internet Directory - Version 11.1.1.5.0 and later
Information in this document applies to any platform.
Goal
To complement the official documentation, this Note provides a detailed step-by-step procedure to achieve Client and Server Authentication over SSL for the OVD / OID LDAP adapter.
Use this method to achieve PKI Certificate Authentication of the OID Proxy user rather than supplying a username and password in the OVD Adapter configuration.
Official documentation:
Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory 11g Release 1 (11.1.1) Part Number E10046-06
12.1.2 Configuring a Mutual Authentication SSL Connection Between Oracle Virtual Directory and Oracle Internet Directory
At the time of writing (version 11.1.1.5), the following statements had some typographical errors - they have been corrected in the 11.1.1.7 Documentation:
Step 2.
If $ORACLE_INSTANCE/config/OVD/ovd1/adapters.jks does not exist, create it with a self-signed certificate to store the trusted certificates by using the following command:
Should Say: $ORACLE_INSTANCE/config/OVD/ovd1/keystores/adapters.jks
Step 4.
Import the Oracle Internet Directory server certificate created in step 2 to the Oracle Virtual Directory keystore as a trusted entry using the following command:
Should Say: Import the Oracle Internet Directory server certificate created in step 3 to the Oracle Virtual Directory keystore as a trusted entry using the following command:
Step 7.
The following instruction is missing from step 7:
* Select SSL Authentication Mode "Server only Authentication/Mutual Authentication"
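A check for the corrected step 2 path and for the two keystore entries that steps 2 and 4 create, as an added example that is not part of the Oracle note or the official documentation. The function names and the sample listing are assumptions; `ovd1` is the component name from the path above.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names and the sample listing
# are assumptions; "ovd1" is the component name used in the note's path.

# Keystore location per the corrected step 2 (keystores/ subdirectory).
adapter_keystore_path() {
    printf '%s/config/OVD/%s/keystores/adapters.jks\n' "$1" "${2:-ovd1}"
}

# Report where adapters.jks actually lives under an instance home:
#   ok        at the corrected path
#   misplaced only at the path printed in the 11.1.1.5 documentation
#   missing   at neither location
locate_adapter_keystore() {
    good=$(adapter_keystore_path "$1" "$2")
    bad="$1/config/OVD/${2:-ovd1}/adapters.jks"
    if [ -f "$good" ]; then echo ok
    elif [ -f "$bad" ]; then echo misplaced
    else echo missing
    fi
}

# Read `keytool -list` output on stdin and report whether the keystore holds
# both entries the procedure creates: a PrivateKeyEntry (the self-signed
# certificate from step 2) and a trustedCertEntry (the OID server
# certificate imported in step 4).
check_keystore_listing() {
    listing=$(cat)
    has_key=no; has_trust=no
    case $listing in *PrivateKeyEntry*) has_key=yes ;; esac
    case $listing in *trustedCertEntry*) has_trust=yes ;; esac
    case $has_key$has_trust in
        yesyes) echo ready ;;
        yesno)  echo no-trusted-cert ;;
        noyes)  echo no-private-key ;;
        *)      echo empty ;;
    esac
}

# Constructed sample in the shape of `keytool -list` entry lines.
SAMPLE_LISTING='ovd-client, Aug 30, 2023, PrivateKeyEntry,
oid-server, Aug 30, 2023, trustedCertEntry,'

printf '%s\n' "$SAMPLE_LISTING" | check_keystore_listing
```

On a live instance, pipe the output of `keytool -list -keystore` for the path returned by `adapter_keystore_path "$ORACLE_INSTANCE"` into `check_keystore_listing`.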
Solution