OUD - How to Use Keystore (for Private Keys) and Truststore (for Public and Signed Certificates)
(Doc ID 1958191.1)
Last updated on JULY 10, 2023
Applies to:
Oracle Unified Directory - Version 11.1.2.2.0 and later
Information in this document applies to any platform.
The goal of this document is to describe: How OUD uses the different Keystores
Purpose
This KM doc describes how to use keystores (for private keys) and truststores (for public, signed certificates).
Up to three sets of key stores are used. By default the key stores are located in the <OUD_INSTANCE_ROOT>/config directory.
- The keystore and truststore hold keys for securing connections with client applications.
- The admin-keystore and admin-truststore hold keys for securing administrative connections through the ADMIN_PORT, such as those used when connecting with the dsconfig command.
- The ads-truststore holds keys for securing replication connections with other OUD servers in the replication topology.
Details
In this Document
Purpose
Details
1. Differences Between Keystores and Truststores Under <OUD_INSTANCE_ROOT>/config
2. Create Server private key
2.1 Remove Self Certificate alias server-cert
2.2 Create a Private Server Key
3. Generating the Server Certificate Request
4. Server Certificate and Intermediate / Root CA Certificates Signed by a Certificate Authority
5. Importing the Servers certificate and CA certificates in Server Keystore
6. Check the LDAPS Server Authentication