Enabling SSL
Configuring Secure Sockets Layer Authentication 7-27
■ No (default): SSL checks for a match between the DN and the service name,
but does not enforce it. Connections succeed regardless of the outcome, but
an error is logged if the match fails.
■ Let Client Decide: Enables the default.
6. Choose File > Save Network Configuration.
The sqlnet.ora file on the client is updated with the following entries:
SSL_CLIENT_AUTHENTICATION =TRUE
wallet_location =
(SOURCE=
(METHOD=File)
(METHOD_DATA=
(DIRECTORY=wallet_location)))
SSL_SERVER_DN_MATCH=(ON/OFF)
Note: This check can be made only when RSA ciphers are
selected, which is the default setting.
Note: The following alert appears when you select No:
Security Alert
Not enforcing the server X.509 name match allows a server to
potentially fake its identity. Oracle Corporation recommends
selecting YES for this option so that connections are refused when
there is a mismatch.
See Also:
For information about the server match parameters:
■ "SSL X.509 Server Match Parameters" on page B-10
For information about using Oracle Net Manager to configure
TCP/IP with SSL:
■ Oracle Net Services Administrator's Guide
■ Oracle Net Services Reference Guide
To Next Page
Loading...