|Oracle9i Network, Directory, and Security Guide
Release 1 (9.0.1) for Windows
Part Number A90165-01
This chapter describes the integration of Oracle Public Key Infrastructure (PKI) with Windows 2000 Public Key Infrastructure (Windows PKI) on Windows operating systems.
This chapter contains these topics:
Oracle Public Key Infrastructure (PKI) is used by the Oracle Enterprise Security Manager, LDAP-enabled Oracle Enterprise Manager, Oracle's Secure Socket Layer (SSL) authentication, Oracle9i database, and Oracle Application Server.
Oracle PKI includes the following components:
The Microsoft Certificate Store integration works only with the certificates that use Microsoft Enhanced Cryptographic Provider. You need to install the Windows High Encryption Pack to get this Cryptographic Provider and select Microsoft Enhanced Cryptographic Provider when creating these certificates. Also, when there are more than one of these certificates available for the same key usage (signature/key exchange), the first certificate retrieved will be used for Oracle SSL.
Microsoft Certificate Stores are repositories for storing certificates and their associated properties. Windows 2000 stores certificates and certificate revocation lists in logical and physical stores. Logical stores contain pointers to the public key objects in the physical stores. Logical stores enable public key objects to be shared between users, computers, and services without requiring the storage of duplicates of the objects for each user, computer, or service. With physical stores, public key objects are stored in the registry of the local computer or, for some user certificates, in Active Directory. Some of the standard system certificate stores defined by Microsoft are:
Microsoft Certificate Services (MCS) consists of the following modules:
The Wallet Resource Locator (WRL) specifies that the
WALLET_LOCATION parameter in the
sqlnet.ora file identifies a particular PKI.
The user can choose between using Oracle Wallet or Microsoft Certificate Store by setting the
WALLET_LOCATION parameter in
To use the credentials from Microsoft Certificate Store:
sqlnet.orais set to: