Configuring SSL Authentication With Client Certificates Signed By The Server Using orapki
(Doc ID 1381035.1)
Last updated on MAY 01, 2019
Advanced Networking Option - Version 10.2.0.5 to 18.104.22.168 [Release 10.2 to 12.1] Information in this document applies to any platform.
This note uses the Oracle command line tool orapki to create all the needed certificates for SSL authentication. The method presented in this note is different to the methods described in <Note 401251.1> and <Note 736510.1>. The difference is that in this note we use server's wallet to sign the certificates of the clients(rather than using an external CA for signing the certificates of the client, we use server's auto login wallet as a CA). In <Note 401251.1> each client signs it's own certificate and then we import into server's wallet the root certificates of all the clients. <Note 736510.1> describes in great detail the process of setting this up using OWM (rather than orapki) and also suggests that the CA is a third party entity.
This note is intended for use by the database administrators who are configuring SSL Authentication.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!