My Oracle Support Banner

ODSEE / DPS - SSL Certificates Installed in Directory Proxy Server (DPS) Appear in CA Certs Instead of Certs Container (Doc ID 1496042.1)

Last updated on OCTOBER 08, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 to 11.1.1.5.0 [Release 6.0 to 11gR1]
Information in this document applies to any platform.

Symptoms

SSL server certificates added to the DPS certificate database appear as CA certs, rather than server certs. The following example shows how the server certificate is added but is listed as CA cert rather than a server cert.

# dpadm list-certs <INSTANCE_ROOT>
0 certificate found.
________________________________________________

# dpadm list-certs -C <INSTANCE_ROOT> | grep <TEST_CERT>
<TEST_CERT>.2012                  2012/06/22 09:51 2017/06/21 09:51 n         CN=xxx Issuing CA, OU=xxx, O=xxx, L=xxx, ST=xxx, DC=xxx, DC=<SUFFIX_DN>, DC=xxx, C=xxx       CN=test.xxx.<DOMAIN>.com, O=xxx, OU=xxx, L=xxx, ST=xxx, C=xxx
________________________________________________

# dpadm add-cert <INSTANCE_ROOT>s <TEST_CERT>01.xxx.<DOMAIN>.com /tmp/ldap_certs_2012/<TEST_CERT>01.xxx.<DOMAIN>.com_3699.cert
________________________________________________

# dpadm list-certs <INSTANCE_ROOT>
0 certificate found.
________________________________________________

 

===> Notice that when issued with the -C option to display CA certs, 'dpadm list-certs' displays the newly added server certificate: <TEST_CERT>01.xxx.<DOMAIN>.com.

 

# dpadm list-certs -C <INSTANCE_ROOT> | grep <TEST_CERT>
<TEST_CERT>01.xxx.<DOMAIN>.com    2012/06/22 09:51 2017/06/21 09:51 n         CN=xxx Issuing CA, OU=xxx, O=xxx, L=xxx, ST=xxx, DC=xxx, DC=<SUFFIX_DN>, DC=xxx, C=xxx   CN=test.xxx.<DOMAIN>.com, O=xxx, OU=xxx, L=xxx, ST=xxx, C=xxx
<TEST_CERT>01.2012                  2012/06/22 09:51 2017/06/21 09:51 n         CN=xxx Issuing CA, OU=xxx, O=xxx, L=xxx, ST=xxx, DC=xxx, DC=<SUFFIX_DN>, DC=xxx, C=xxx    CN=test.xxx.<DOMAIN>.com, O=xxx, OU=xxx, L=xxx, ST=xxx, C=xxx

 

 

Changes

 Self-signed certificate was removed.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 20.2.3 To Install a CA-Signed Server Certificate for Directory Proxy Server


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.