Oracle Internet Directory Administrator's Guide Release 9.0.2 Part Number A95192-01
This chapter explains how to configure Secure Sockets Layer (SSL) for use with Oracle Internet Directory. If you use Secure Sockets Layer (SSL), you may also configure strong authentication, data integrity, and data privacy.
This chapter contains these topics:
See Also:
"Security" for a conceptual overview of SSL in relation to Oracle Internet Directory
A cipher suite is a set of authentication, encryption, and data integrity algorithms used for exchanging messages between network nodes. During an SSL handshake, the two nodes negotiate to see which cipher suite they will use when transmitting messages back and forth.
The Oracle Internet Directory supports the following SSL cipher suites:
Oracle Internet Directory clients can use SSL 2.0 or SSL 3.0. A client over SSL can connect to a server anonymously or by using either simple or strong authentication.
When both a client and server authenticate themselves to each other, SSL derives the identity information it requires from the X509v3 digital certificates.
During start-up of a directory server instance, the directory reads a set of configuration parameters, including the parameters for the SSL profile. If you are going to run the directory with SSL enabled, you need to examine--and possibly reconfigure--the SSL parameters in the configuration set entry.
To run a server instance in secure mode, set the SSL Enable parameter in the configuration settings to 1: the default secure port is 636. To allow the same instance to run non-secure connections concurrently, set SSL Enable to 2: the default non-secure port is 839.
You can create and modify multiple sets of configuration parameters with differing values, using a different configuration set entry for each instance of Oracle Internet Directory. This is a useful way to accommodate clients with different security needs.
Oracle Corporation recommends that you create separate configuration sets and modify their SSL values, rather than modify SSL values in the default configuration set. The default set may be required by Oracle Support Services in the diagnosis of certain technical issues.
You can examine and modify the values for the SSL configuration parameters in each configuration set entry that you have created and in each server instance that is currently running.
To view and modify SSL configuration parameters:
You can change the parameters in this tab page and save them. The fields in this tab page are described in the following table:
See Also:
"Managing Server Configuration Set Entries by Using Oracle Directory Manager" for information about changing parameters in a configuration set entry
If you intend to support both SSL and non-SSL clients on the same host, you need to configure two distinct server instances.
In Oracle Internet Directory Release 9.0.2, the Oracle directory replication server cannot communicate directly with SSL-enabled Oracle directory server instances.
See Also:
Chapter 5, "Oracle Directory Server Administration" for instructions on how to configure server instances
Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved.