My Oracle Support Banner

OUD - How to Use Keystore (for Private Keys) and Truststore (for Public and Signed Certificates) (Doc ID 1958191.1)

Last updated on JULY 10, 2023

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.
The goal of this document is to describe: How OUD uses the different Keystores



This KM doc describes how to use keystores (for private keys) and truststores (for public, signed certificates).

Up to three sets of key stores are used, as shown in the diagram below -

By default the key stores are located in the <OUD_INSTANCE_ROOT>/config directory.

  • The keystore and truststore hold keys for securing connections with client applications.

  • The admin-keystore and admin-truststore hold keys for securing administrative connections through the ADMIN_PORT, such as those used when connecting with the dsconfig command.

  • The ads-truststore holds keys for securing replication connections with other OUD servers in the replication topology.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1. Differences Between Keystores and Truststores Under <OUD_INSTANCE_ROOT>/config
 2. Create Server private key
 2.1 Remove Self Certificate alias server-cert
 2.2 Create a Private Server Key
 3. Generating the Server Certificate Request
 4. Server Certificate and Intermediate / Root CA Certificates Signed by a Certificate Authority
 5. Importing the Servers certificate and CA certificates in Server Keystore
 6. Check the LDAPS Server Authentication

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.