How to Setup a CA Signed Wallet (non self signed) with a New OID 11g SSL Server Authentication (Mode2) Instance
Last updated on AUGUST 11, 2017
Applies to:Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
In <Document 1203271.1> was a detailed a procedure using a self-signed certificate with the new oid instance configured in mode 2.
The goal now is can use a non self-signed certificate with a new OID instance which has been configured for SSL Server Auth (mode2)
The out-of-box configuration for OID has a non-ssl port, and an ssl port configured for mode 1 which is encryption only.
If you need to configure DIP synchronization to a remote source over SSL or if you need to install the ADPassword Filter then they will each require SSL mode 2, server authentication.
To setup OID to run in mode 2 (server authentication) then it is suggested that you create a new/second OID instance and configure it accordingly.
For background on OID modes see the following documentation:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-02 Chapter/Topic 25.1.3 SSL Authentication Modes
Note that it states the following:
Additionally, the Oracle Directory Services Manager (ODSM) and Directory Integration Platform (DIP) are also configured to run in mode 1. While they can be reconfigured for mode 2 it is easier to:
- Continue running ODSM in mode 1
- Don't run DIP in the default instance
- Reconfigure DIP to run in new OID instance ( this is covered in <Document 1203927.1>.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms