Click Submit.

Oracle Fusion Middleware Online Documentation Library
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory

Configuring Secure Sockets Layer (SSL)

for example:

cn=oid1,cn=osdldapd,cn=subconfigsubentry

The SSL attributes are shown in Table 26-4. You can use the ldapsearch command to list the SSL attributes and their values. For example, to list attributes containing the string orclssl in the instance oid1, you would type:

ldapsearch -p 3060 -D cn=orcladmin -q \
  -b cn=oid1,cn=osdldapd,cn=subconfigsubentry \
  -s base objectclass=* | grep -i orclssl

Table 26-4 SSL Attributes

Attribute              Meaning
orclsslversion         SSL Version
orclsslwalleturl       SSL Wallet URL
orclsslenable          SSL Enable
orclsslauthentication  SSL Authentication
orclsslinteropmode     SSL Interoperability Mode
orclsslciphersuite     SSL Cipher Suite

Note: Do not set orclsslenable to 1 (SSL only) if you use Oracle Enterprise Manager Fusion Middleware Control or WLST to manage Oracle Internet Directory. Those utilities manage the server through MBeans, which use SASL over a non-SSL connection.

After you have configured the SSL parameters, restart Oracle Internet Directory, as described in Chapter 8, "Managing Oracle Internet Directory Instances."

Testing SSL Connections by Using Oracle Directory Services Manager

To test the SSL connection by using Oracle Directory Services Manager:

1. Invoke ODSM as described in "Invoking Oracle Directory Services Manager" on page 7-9.
2. Connect to the Oracle Internet Directory server. On the login screen, enable SSL and specify the SSL port.

If you can connect, the SSL connection is working correctly.

Testing SSL Connections From the Command Line

You can use the ldapbind command to test SSL connections. On UNIX, the syntax is:

ldapbind -D cn=orcladmin -q -U authentication_mode -h host -p SSL_port \
  -W file:DIRECTORY_CONTAINING_WALLET -Q

and on Windows, the syntax is:

ldapbind -D cn=orcladmin -q -U authentication_mode -h host -p SSL_port \
  -W file:device:\DIRECTORY_CONTAINING_WALLET -Q

where authentication_mode is one of:

Number  Authentication
1       SSL: no authentication required.
2       One-way (server only) SSL authentication required.
3       Two-way (client and server) SSL authentication required.

See Also: The ldapbind command-line tool reference in Oracle Fusion Middleware Reference for Oracle Identity Management.

Testing SSL With Encryption Only

Use this method to test an SSL configuration with SSL and no authentication required. The syntax is:

ldapbind -D cn=orcladmin -q -U 1 -h host -p SSL_Port

Testing SSL With Server Authentication

Use this method to test an SSL configuration with SSL server authentication configured. A client can request either server authentication or no authentication.

For an anonymous bind with server authentication, the syntax is:

ldapbind -U 2 -h host -p port -W file:DIRECTORY_CONTAINING_WALLET -Q

For a bind with user cn=orcladmin, wallet file ORACLE_INSTANCE/OID/admin/mywallet, and server authentication, the syntax is:

ldapbind -D cn=orcladmin -q -U 2 -h host -p port \
  -W file:ORACLE_INSTANCE/OID/admin/mywallet -Q

For a bind without SSL authentication, the syntax is:

ldapbind -D cn=orcladmin -q -U 1 -h host -p SSL_Port

Testing SSL With Client and Server Authentication

Use this method to test an SSL configuration with SSL client and server authentication configured. Oracle Internet Directory supports the Certificate Matching Rule. The DN and password passed on the ldapbind command line are ignored; only the DN from the certificate or the certificate hash is used for authorization.

To use the bind DN (Distinguished Name) from the client certificate, the syntax is:

ldapbind -U 3 -h host -p port -W file:DIRECTORY_CONTAINING_WALLET -Q

See Also: "Direct Authentication" on page 32-1.
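The following Python script is an added example, not code from Oracle or from this guide. It parses the `ldapsearch ... | grep -i orclssl` output described above into the Table 26-4 attributes, applies the one check the page states (orclsslenable set to 1, SSL only, is incompatible with Fusion Middleware Control and WLST management), and builds the ldapbind test command for each authentication_mode following the syntax given on this page (no -D/-q for mode 3, since the certificate DN is used; -W/-Q only for modes 2 and 3). The sample ldapsearch output, host name, port and wallet path are constructed values; no meaning is assigned to attribute values the page does not explain.

```python
"""Check OID SSL attributes from ldapsearch output and build ldapbind test commands.

Added example (not Oracle's code). Only the attribute names come from Table 26-4;
the sample values below are constructed for this script.
"""
import re
import shlex

# Constructed sample of `ldapsearch ... | grep -i orclssl` output for instance oid1.
SAMPLE_LDAPSEARCH_OUTPUT = """\
orclsslenable: 1
orclsslauthentication: 32
orclsslversion: 3
orclsslwalleturl: file:/u01/app/oracle/instances/oid1/OID/admin
orclsslinteropmode: 1
orclsslciphersuite: SSL_RSA_WITH_AES_128_CBC_SHA
orclsslciphersuite: SSL_RSA_WITH_AES_256_CBC_SHA
"""

# Attribute names and meanings as listed in Table 26-4.
SSL_ATTRIBUTES = {
    "orclsslversion": "SSL Version",
    "orclsslwalleturl": "SSL Wallet URL",
    "orclsslenable": "SSL Enable",
    "orclsslauthentication": "SSL Authentication",
    "orclsslinteropmode": "SSL Interoperability Mode",
    "orclsslciphersuite": "SSL Cipher Suite",
}

# ldapbind -U authentication_mode values as listed on the page.
AUTH_MODES = {
    1: "SSL, no authentication required",
    2: "one-way (server only) SSL authentication required",
    3: "two-way (client and server) SSL authentication required",
}


def parse_ssl_attributes(text):
    """Map each orclssl* attribute in LDIF-style output to its list of values.

    Multi-valued attributes such as orclsslciphersuite keep one entry per line.
    """
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(orclssl\w*)\s*:\s*(.*?)\s*$", line, re.IGNORECASE)
        if m:
            attrs.setdefault(m.group(1).lower(), []).append(m.group(2))
    return attrs


def check_ssl_config(attrs, managed_by_em_or_wlst):
    """Return a list of findings for the parsed attributes.

    The one interpretation taken from the page: orclsslenable=1 means SSL only,
    which breaks Fusion Middleware Control / WLST management because those tools
    reach the MBeans over a non-SSL connection. Other values are not interpreted.
    """
    findings = []
    missing = sorted(a for a in SSL_ATTRIBUTES if a not in attrs)
    if missing:
        findings.append("missing attributes: " + ", ".join(missing))
    if attrs.get("orclsslenable") == ["1"] and managed_by_em_or_wlst:
        findings.append("orclsslenable=1 (SSL only) but the instance is managed by "
                        "Fusion Middleware Control or WLST, which need a non-SSL port")
    wallet = attrs.get("orclsslwalleturl", [""])[0]
    if not wallet.startswith("file:"):
        findings.append("orclsslwalleturl is not a file: URL: %r" % wallet)
    return findings


def ldapbind_command(mode, host, ssl_port, wallet_dir=None, bind_dn="cn=orcladmin"):
    """Build the ldapbind test command for authentication_mode 1, 2 or 3.

    Follows the syntax on the page: -D/-q only for modes 1 and 2 (in mode 3 the
    DN and password are ignored and the certificate DN is used); bind_dn=None
    gives an anonymous bind; -W file:<dir> -Q is added only when the wallet is
    needed (modes 2 and 3). On Windows pass wallet_dir as device:\\path.
    """
    if mode not in AUTH_MODES:
        raise ValueError("authentication_mode must be 1, 2 or 3")
    cmd = ["ldapbind"]
    if mode in (1, 2) and bind_dn:
        cmd += ["-D", bind_dn, "-q"]  # -q prompts for the password
    cmd += ["-U", str(mode), "-h", host, "-p", str(ssl_port)]
    if mode in (2, 3):
        if not wallet_dir:
            raise ValueError("modes 2 and 3 need the directory containing the wallet")
        cmd += ["-W", "file:" + wallet_dir, "-Q"]
    return cmd


if __name__ == "__main__":
    attrs = parse_ssl_attributes(SAMPLE_LDAPSEARCH_OUTPUT)
    for name, meaning in SSL_ATTRIBUTES.items():
        print("%-22s %-26s %s" % (name, meaning, ", ".join(attrs.get(name, ["<unset>"]))))
    for finding in check_ssl_config(attrs, managed_by_em_or_wlst=True):
        print("FINDING:", finding)
    for mode in AUTH_MODES:  # constructed host, port and wallet directory
        print(shlex.join(ldapbind_command(mode, "oid.example.com", 3131,
                                          "/u01/app/oracle/instances/oid1/OID/admin")))
```

Run it as-is to see the attribute table, the finding raised by the sample orclsslenable value, and the three ldapbind command lines; in practice feed it the real ldapsearch output and pass managed_by_em_or_wlst according to how the instance is administered.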