How to Setup a CA Signed Wallet (non self signed) with a New OID 11g SSL Server Authentication (Mode2) Instance
(Doc ID 1560010.1)
Last updated on APRIL 03, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1 to 11.1.1.9.180709 [Release 11g]
Oracle Database - Enterprise Edition - Version 19.9.0.0.0 to 19.9.0.0.0 [Release 19]
Information in this document applies to any platform.
Goal
<Document 1203271.1> detailed a procedure using a self-signed certificate with the new OID instance configured in mode 2.
The goal now is to use a non-self-signed (CA-signed) certificate with a new OID instance that has been configured for SSL Server Authentication (mode 2).
Note:
The out-of-box configuration for OID has a non-SSL port and an SSL port configured for mode 1, which is encryption only.
Configurations such as DIP synchronization to a remote source over SSL or the 'AD Password Filter' will each require SSL mode 2, server authentication.
To set up OID to run in mode 2 (server authentication), it is suggested that you create a new/second OID instance and configure it accordingly.
For background on OID modes see the following documentation:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) Part Number E10029-02 Chapter/Topic 25.1.3 SSL Authentication Modes
Note that it states the following:
Additionally, the Oracle Directory Services Manager (ODSM) and Directory Integration Platform (DIP) are also configured to run in mode 1. While they can be reconfigured for mode 2, it is easier to:
- Continue running ODSM in mode 1
- Don't run DIP in the default instance
- Reconfigure DIP to run in the new OID instance (this is covered in <Document 1203927.1>).
Solution