Enabling Outbound SSL from Oracle Internet Directory to Oracle Database

Configuring SSL in Oracle Fusion Middleware 6-29

SSL Enabling in Other Authentication Modes

The steps for SSL-enabling in other authentication modes are similar, except that in the SSL Settings dialog you set the appropriate authentication type.

6.6.2.2 Enabling SSL on an Oracle Virtual Directory Listener Using WLST

Take these steps to configure the listener in server-auth mode:

1. Determine the listeners for this Oracle Virtual Directory instance by running the following command:

   listListeners('inst1', 'ovd1')

   This command lists all the listeners for this instance; select the one that needs to be configured for SSL. For this example, select LDAP SSL Endpoint.

2. Obtain the name of the SSL MBean for the Oracle Virtual Directory listener:

   getSSLMBeanName('inst1', 'ovd1', 'ovd', 'LDAP SSL Endpoint')

   This command returns the SSL MBean name.

3. Set the passwords for the keystore and truststore in the MBean with the following commands:

   cd('SSL_MBean_Name')
   set('KeyStorePassword', java.lang.String('password').toCharArray())
   set('TrustStorePassword', java.lang.String('password').toCharArray())

4. Configure the listener with SSL properties:

   configureSSL('inst1', 'ovd1', 'ovd', 'LDAP SSL Endpoint')

Note:
■ -U 2 represents the server-auth mode.
■ DIRECTORY_SSL_WALLET is the path to a wallet file, not including the wallet file name.
■ This wallet must contain the trusted certificate of the CA that issued the server certificate.

Note: If configuring SSL for an LDAP listener, SSL communication is verified using ldapbind. If it is an HTTP listener, it is verified using a browser.

Note: Steps 2 and 3 are required only for server-auth and mutual-auth modes.

6-30 Oracle Fusion Middleware Administrators Guide

Enabling SSL in Other Authentication Modes

You can do this by running the configureSSL command with a properties file as parameter and specifying the appropriate authentication type parameter value. For details, see "Creating and Managing Oracle Virtual Directory Listeners" in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
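The four WLST steps above gathered into one script that can be passed to wlst.sh, added here as an example and not taken from the Oracle guide. It reads the wallet password from an environment variable (OVD_SSL_WALLET_PWD, an assumed name) instead of typing it into the command, and refuses to continue if the variable is empty; the instance, component and listener names are the ones the section uses.

```jython
# Added example, not part of the Oracle guide: Section 6.6.2.2 steps 1-4 as one WLST script.
# Assumptions: instance 'inst1', component 'ovd1' of type 'ovd', listener 'LDAP SSL Endpoint',
# and an environment variable OVD_SSL_WALLET_PWD (assumed name) holding the keystore/truststore
# password, exported by the operator before wlst.sh starts so it never appears in the command line.
from java.lang import String, System

inst_name     = 'inst1'
comp_name     = 'ovd1'
comp_type     = 'ovd'
listener_name = 'LDAP SSL Endpoint'

pwd = System.getenv('OVD_SSL_WALLET_PWD')
if pwd is None or len(pwd) == 0:
    raise SystemExit('OVD_SSL_WALLET_PWD is not set; refusing to store an empty wallet password')

# Step 1: list the listeners of this instance so the target name can be confirmed in the output.
listListeners(inst_name, comp_name)

# Step 2: look up the SSL MBean of the listener (needed for server-auth and mutual-auth only).
mbean_name = getSSLMBeanName(inst_name, comp_name, comp_type, listener_name)

# Step 3: store the keystore and truststore passwords in that MBean as char arrays.
cd(mbean_name)
set('KeyStorePassword',   String(pwd).toCharArray())
set('TrustStorePassword', String(pwd).toCharArray())

# Step 4: apply the SSL settings to the listener in server-auth mode. To select another
# authentication type, supply a properties file to configureSSL as the guide describes.
configureSSL(inst_name, comp_name, comp_type, listener_name)
```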

6.6.3 Configuring SSL for the Database

This section contains these topics:

■ SSL-Enable Oracle Database
■ SSL-Enable a Data Source

6.6.3.1 SSL-Enable Oracle Database

Take these steps to SSL-enable the Oracle database:

1. Create a root CA and a certificate for the database. Here is an example:

   mkdir root
   mkdir server

   # Create root wallet, add self-signed certificate and export
   orapki wallet create -wallet ./root -pwd password
   orapki wallet add -wallet ./root -dn CN=root_test,C=US -keysize 2048 -self_signed -validity 3650 -pwd password
   orapki wallet display -wallet ./root -pwd password
   orapki wallet export -wallet ./root -dn CN=root_test,C=US -cert ./root/b64certificate.txt -pwd password

   # Create server wallet, add self-signed certificate and export
   orapki wallet create -wallet ./server -pwd password
   orapki wallet add -wallet ./server -dn CN=server_test,C=US -keysize 2048 -pwd password
   orapki wallet display -wallet ./server -pwd password
   orapki wallet export -wallet ./server -dn CN=server_test,C=US -request ./server/creq.txt -pwd password

   # Import trusted certificates
   orapki cert create -wallet ./root -request ./server/creq.txt -cert ./server/cert.txt -validity 3650 -pwd password
   orapki cert display -cert ./server/cert.txt -complete
   orapki wallet add -wallet ./server -trusted_cert -cert ./root/b64certificate.txt -pwd password
   orapki wallet add -wallet ./server -user_cert -cert ./server/cert.txt -pwd password
   orapki wallet create -wallet ./server -auto_login -pwd password

   Note: Self-signed certificates are not recommended for production use. For information about obtaining production wallets, see Section 8.4.8.3, "Changing a Self-Signed Wallet to a Third-Party Wallet."

2. Update listener.ora, sqlnet.ora, and tnsnames.ora for the database.

   a. This example shows the default listener.ora:

      SID_LIST_LISTENER =