Friday, October 30, 2015

HOW TO ENABLE SSL for OID



The following is an example of a default config set:

cn=configset, cn=osdldapd, cn=subconfigsubentry
cn=configset
objectclass=top
objectclass=orclConfigSet
objectclass=orclLDAPSubConfig
orclsslauthentication=32
orclsslenable=2
orclsslport=3060
orclserverprocs=1

(orclsslauthentication can be 0, 32, or 64.)

Where, for orclsslauthentication:
    0  - is mode 1 in the SSL ODM client (No Authentication)
            + no-authentication (confidentiality) mode.
            + no server wallet or client wallet needed.
            + Diffie-Hellman algorithms will be used.

    32 - is mode 2 in the SSL ODM client (Server Authentication)
            + server authentication only.
            + complete server wallet needed (private key, certificate, the
              signer certificate, and trustpoints).
            + client wallet needed (the client wallet only needs the trustpoints
              required to verify the server certificate).
            + RSA algorithms will be used.

    64 - is mode 3 in the SSL ODM client (Client and Server Authentication)
            + this SSL mode requires both server and client authentication.
            + complete server wallet needed (server private key, server
              certificate, trustpoints, etc.).
            + complete client wallet needed on the ODM side (client private key,
              client certificate, trustpoints, etc.).
            + RSA algorithms will be used.


Notes:

1. The SSL mode must be consistent between the client and server.
2. If the server is set up with mode 2 (Server Authentication), clients can use
   either mode 1 or mode 2 (No Authentication or Server Authentication).
3. If the server is set up with mode 3 (Client and Server Authentication),
   clients can ONLY use mode 3 (SSL Client and Server Authentication).
4. If the server is set up with mode 1 (No Authentication), then the client can
   ONLY use mode 1 (No Authentication).
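As an added example (not from the original post), the following Python script parses a configset entry in the key=value form shown above and reports which client SSL modes the notes allow for the configured server mode, flagging the unauthenticated mode for review; the sample entry is constructed here, and treating orclsslenable=0 as "SSL off" is an assumption.

```python
from dataclasses import dataclass

# Meaning of each orclsslauthentication value and the SSL ODM client modes
# that may connect to a server configured with it (notes 1-4 above).
MODES = {
    0: ("No Authentication", {1}),
    32: ("Server Authentication", {1, 2}),
    64: ("Client and Server Authentication", {3}),
}

# Constructed sample, mirroring the default configset shown above.
SAMPLE = """\
cn=configset, cn=osdldapd, cn=subconfigsubentry
cn=configset
objectclass=top
objectclass=orclConfigSet
objectclass=orclLDAPSubConfig
orclsslauthentication=32
orclsslenable=2
orclsslport=3060
orclserverprocs=1
"""

@dataclass
class SslConfig:
    authentication: int  # 0, 32 or 64
    enabled: bool        # orclsslenable is non-zero (assumption: 0 means off)
    port: int

def parse_configset(text: str) -> SslConfig:
    """Pull the orclssl* attributes out of a key=value entry like SAMPLE."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:  # skip blank lines and lines without '='
            attrs[key.strip().lower()] = value.strip()
    auth = int(attrs.get("orclsslauthentication", 0))
    if auth not in MODES:
        raise ValueError(f"orclsslauthentication must be 0, 32 or 64, got {auth}")
    enabled = attrs.get("orclsslenable", "0") != "0"
    return SslConfig(auth, enabled, int(attrs.get("orclsslport", 0)))

def allowed_client_modes(cfg: SslConfig) -> set:
    """Client modes that can complete a handshake against this server."""
    return MODES[cfg.authentication][1]

def findings(cfg: SslConfig) -> list:
    """Review observations: SSL off, or a mode in which nobody is authenticated."""
    out = []
    if not cfg.enabled:
        out.append("orclsslenable=0: SSL is not enabled on this configset")
    if cfg.authentication == 0:
        out.append("mode 1: no server wallet, so clients cannot verify the server")
    return out
```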


Security >> Wallet

Either create a self-signed wallet or import an existing wallet.

Click Oracle Internet Directory > Administration > Server Properties

Click Change SSL Settings

Under SSL Authentication, change "No Authentication" to either "Server Authentication" or "Mutual Authentication".

-  Select ciphers (it is recommended to select ciphers based on enterprise security requirements).
-  Restart OID using: opmnctl stopall; opmnctl startall
