Configuring SSL Parameters
During start-up of a directory server instance, the directory reads a set of configuration parameters, including the parameters for the SSL profile. If you are going to run the directory with SSL enabled, you need to examine--and possibly reconfigure--the SSL parameters in the configuration set entry.
To run a server instance in secure mode, set the SSL Enable parameter in the configuration settings to 1; the default secure port is 636. To allow the same instance to accept non-secure connections concurrently, set SSL Enable to 2; the default non-secure port is 389.
You can create and modify multiple sets of configuration parameters with differing values, using a different configuration set entry for each instance of Oracle Internet Directory. This is a useful way to accommodate clients with different security needs.
Oracle Corporation recommends that you create separate configuration sets and modify their SSL values, rather than modify SSL values in the default configuration set. The default set may be required by Oracle Support Services in the diagnosis of certain technical issues.
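A client-side check of the listener behaviour described above, added here as an example and not part of the Oracle documentation: `probe` classifies a port by attempting a verified TLS handshake, and `audit` compares the results with the SSL Enable value (1 or 2). The function names, state labels and the `cafile` parameter are assumptions of this example; 636 and 389 are the default ports named above.

```python
import socket
import ssl
import sys

def probe(host, port, cafile=None, timeout=3.0):
    """Classify a listener as 'closed', 'open', 'tls-untrusted' or 'tls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Default context verifies the chain and host name; cafile is the CA
    # certificate that issued the wallet's certificate (None = system store).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"  # TLS is spoken, but the chain or name fails
    except (ssl.SSLError, OSError):
        return "open"  # TCP accepted, no TLS handshake completed
    finally:
        sock.close()

def audit(ssl_enable, secure_state, plain_state):
    """Compare probe results with the SSL Enable value (1 or 2) in use."""
    if ssl_enable not in (1, 2):
        return ["SSL Enable is %r, not 1 (secure only) or 2 (both)" % ssl_enable]
    findings = []
    if secure_state == "closed":
        findings.append("secure port is not listening")
    elif secure_state == "open":
        findings.append("secure port accepts TCP but no TLS handshake completes")
    elif secure_state == "tls-untrusted":
        findings.append("secure port certificate fails verification")
    if ssl_enable == 1 and plain_state != "closed":
        findings.append("non-secure port reachable although SSL Enable is 1")
    if ssl_enable == 2 and plain_state == "closed":
        findings.append("non-secure port closed although SSL Enable is 2")
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_listeners.py HOST SSL_ENABLE
    # 636 and 389 are the defaults; pass the ports of your configuration set.
    host, mode = sys.argv[1], int(sys.argv[2])
    for line in audit(mode, probe(host, 636), probe(host, 389)) or ["consistent"]:
        print(line)
```

A reachable non-secure port with SSL Enable set to 1 can also mean that another instance, started from a different configuration set, is listening on that port.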
Configuring SSL Parameters by Using Oracle Directory Manager
You can examine and modify the values for the SSL configuration parameters in each configuration set entry that you have created and in each server instance that is currently running.
Note:
You cannot directly change the parameters for an active instance. If you want to change the parameters for an active instance, change the parameters in a configuration set entry and save it. After it is saved, you can stop current instances and refer to the newly modified configuration set in the start server message.
Adding a New SSL Configuration Set
Note:
Prior to using Oracle Directory Manager to add a new SSL configuration set, you must do the following by using Oracle Wallet Manager:
- Create a new wallet
- Create a certificate request and send it to your certificate authority
- If your certificate authority is not included in the default list of trusted certificates in Oracle Wallet Manager, then import the trusted certificate of your certificate authority into your wallet
- Save the wallet with auto-login enabled
See Also:
The chapter on Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide
To add a new SSL configuration set:
- In the navigator pane, expand in succession Oracle Internet Directory Servers, directory server instance, Server Management.
- Expand either Directory Server or Replication Server, as appropriate. The numbered configuration sets are listed beneath your selection.
- Select the default configuration set.
- Choose Create Like. The Configuration Sets dialog box displays the General tab page.
- In the General tab page, change the value of the non-SSL port to something other than the default (389 or 4032).
- Select the SSL Settings tab, and enter values in the appropriate fields. These fields are described in Table C-33.
Viewing and Modifying SSL Configuration Parameters
To view and modify SSL configuration parameters:
- In the navigator pane, expand in succession Oracle Internet Directory Servers, directory server instance, Server Management.
- Expand either Directory Server or Replication Server, as appropriate. The numbered configuration sets are listed beneath your selection.
- Select the configuration set that you want to examine. The group of tab pages for that configuration set entry appears in the right pane.
- Select the SSL Settings tab page, modify the fields, and save the changes. These fields are described in Table C-39.
Configuring SSL Parameters by Using Command-Line Tools