How to Setup a CA Signed Wallet (non self signed) with a New OID 11g SSL Server Authentication (Mode2) Instance (Doc ID 1560010.1)

Last updated on AUGUST 11, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Goal

<Document 1203271.1> gave a detailed procedure for using a self-signed certificate with a new OID instance configured in mode 2.
The goal now is to use a CA-signed (non self-signed) certificate with a new OID instance that has been configured for SSL Server Authentication (mode 2).

Notice.-

The out-of-box configuration for OID has a non-SSL port and an SSL port configured for mode 1, which is encryption only.

If you need to configure DIP synchronization to a remote source over SSL, or if you need to install the AD Password Filter, each of these requires SSL mode 2 (server authentication).

To set up OID to run in mode 2 (server authentication), it is suggested that you create a new/second OID instance and configure it accordingly.

For background on OID modes see the following documentation:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-02 Chapter/Topic 25.1.3 SSL Authentication Modes

Note that it states the following:

" By default, the SSL authentication mode is set to authentication mode 1 (encryption only, no authentication). Be sure at least one Oracle Internet Directory server instance has this default authentication mode. Otherwise, you break Oracle Delegated Administration Services and other applications that expect to communicate with Oracle Internet Directory on the encrypted SSL port."


Additionally, Oracle Directory Services Manager (ODSM) and Directory Integration Platform (DIP) are also configured to run in mode 1. While they can be reconfigured for mode 2, it is easier to:

  1. Continue running ODSM in mode 1
  2. Not run DIP in the default instance
  3. Reconfigure DIP to run in the new OID instance (this is covered in <Document 1203927.1>)

Solution
