How to Setup a CA Signed Wallet (non self signed) with a New OID 11g SSL Server Authentication (Mode2) Instance
(Doc ID 1560010.1)
Last updated on SEPTEMBER 16, 2021
Applies to: Oracle Internet Directory - Version 11.1.1 to 220.127.116.11.180709 [Release 11g]
Oracle Database - Enterprise Edition - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 19]
Information in this document applies to any platform.
<Document 1203271.1> details a procedure using a self-signed certificate with a new OID instance configured in mode 2.
The goal now is to use a non-self-signed (CA-signed) certificate with a new OID instance that has been configured for SSL Server Authentication (mode 2).
The out-of-box configuration for OID has a non-SSL port and an SSL port configured for mode 1, which is encryption only.
Configurations such as DIP synchronization to a remote source over SSL or the 'AD Password Filter' will each require SSL mode 2, server authentication.
To set up OID to run in mode 2 (server authentication), it is suggested that you create a new/second OID instance and configure it accordingly.
For background on OID modes see the following documentation:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-02 Chapter/Topic 25.1.3 SSL Authentication Modes
Note that it states the following:
Additionally, the Oracle Directory Services Manager (ODSM) and Directory Integration Platform (DIP) are also configured to run in mode 1. While they can be reconfigured for mode 2 it is easier to:
- Continue running ODSM in mode 1
- Don't run DIP in the default instance
- Reconfigure DIP to run in the new OID instance (this is covered in <Document 1203927.1>).