
Creating a Wallet for Certificate Files When Using LDAP Authentication with SSL


If you are using LDAP authentication with SSL, then you must use Oracle Wallet Manager to create a wallet to store the certificates required for SSL communications. This topic describes how to create the wallet, and how to enable SSL for the Siebel LDAP security adapter. For detailed information on using Oracle Wallet Manager, see Oracle® Database Advanced Security Administrator's Guide.

Enabling SSL for the Siebel LDAP security adapter establishes a secure connection between the Siebel application and the LDAP server. For information on enabling SSL for an LDAP server, refer to your third-party LDAP server administration documentation. This topic assumes that the LDAP server is already SSL-enabled, that is, it accepts SSL connections.

This task is a step in Process of Installing and Configuring LDAP Client Software.

Generating an Oracle Wallet

To enable SSL for the Siebel LDAP security adapter, you must create an Oracle wallet on the Siebel Server computer that runs the Application Object Managers or other components that must support LDAP authentication through the LDAP security adapter. The Oracle wallet must contain the certificates of the Certificate Authorities (CAs) that issued the server certificates for your LDAP servers.

Use the following procedure to create an Oracle wallet.

To create an Oracle wallet

  1. Determine which Certificate Authority issued the server certificate for your LDAP server and obtain that CA's certificate.
  2. Copy the CA certificate to the computer where you have installed Oracle Wallet Manager.
  3. On the Siebel Server computer where you will run the Application Object Manager components that support LDAP authentication, create an Oracle wallet using Oracle Wallet Manager.

    To create the wallet, follow the detailed instructions in Oracle® Database Advanced Security Administrator's Guide. Specify the following values:

    1. In the New Wallet dialog box, enter a password for the wallet in the Wallet Password field, then reenter the password in the Confirm Password field.
    2. From the Wallet Type list, select Standard, then click OK.

      A new empty wallet is created.

    3. When prompted to specify whether or not you want to add a certificate request, select No.

      You return to the Oracle Wallet Manager main window.

    4. Save the wallet by selecting Wallet, then Save In System Default to save the wallet file to the default directory location:
      • For UNIX the default directory location is $ORACLE_HOME/owm/wallets/username.
      • For Windows the default directory location is ORACLE_HOME\owm\wallets\username.

        You can save the wallet to a different directory if required.

  4. Import the certificate referred to in Step 2 into the wallet you have created.

    You can import as many CA certificates as required. For information on importing certificates, see Oracle® Database Advanced Security Administrator's Guide.

    NOTE: For LDAP servers that have their server certificate issued from a new CA, just add the CA certificate to the existing wallet, instead of creating a new wallet for every LDAP server.

Enabling SSL for the Siebel LDAP Security Adapter

Use the procedure below to configure SSL for the Siebel LDAP security adapter. For more information about LDAP security adapter configuration, see Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard.

To enable SSL for the Siebel LDAP security adapter

  1. Copy the wallet you created in Generating an Oracle Wallet to the Siebel Server computer where you will run the Application Object Manager components that support LDAP authentication.
  2. Modify the LDAP security adapter configuration parameters using values similar to those shown in the following table.

    | Parameter | Value |
    |---|---|
    | port | port_number. The SSL port is configurable for the LDAP server. Verify the actual port number the LDAP server is using for SSL and specify that value. The default value is 636. |
    | ssldatabase | wallet_directory_path. Specify the absolute path to the wallet directory, for example: file:c:\sslwallet, where file is the wallet resource locator type and c:\sslwallet is the directory containing the wallet. |
    | WalletPassword | wallet_password. Specify the password you assigned to the wallet when you created it (Step 3, substep 1 of the wallet creation procedure). |

    For information on configuring parameters for the LDAP security adapter, see Parameters for LDAP or ADSI Authentication.

  3. Restart the Siebel Server (if you are configuring LDAP on a Siebel Server).
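
A pre-flight check for the three parameter values in the table above, which you can run before restarting the Siebel Server. This is an added example, not part of the Siebel documentation or Oracle's code. It assumes the parameters are held in a dictionary and that the wallet directory holds ewallet.p12, the file Oracle Wallet Manager saves for a standard wallet; the function names, sample values, and file-permission check are this example's own.

```python
import os
import re
import stat
import tempfile

WALLET_FILE = "ewallet.p12"  # file Oracle Wallet Manager saves for a standard wallet

def parse_ssldatabase(value):
    """Return the wallet directory from 'file:<absolute path>', else raise ValueError."""
    locator, sep, path = value.partition(":")
    if not sep or locator.lower() != "file":
        raise ValueError("must start with the 'file:' resource locator type")
    if not (path.startswith("/") or re.match(r"[A-Za-z]:[\\/]", path)):
        raise ValueError("wallet directory must be an absolute path")
    return path

def check_adapter_ssl(params):
    """Return a list of problems in the port, ssldatabase and WalletPassword values."""
    problems = []
    port = params.get("port", "")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        problems.append("port: not a valid TCP port number")
    elif int(port) == 389:
        problems.append("port: 389 is the standard non-SSL LDAP port")
    if not params.get("WalletPassword"):
        problems.append("WalletPassword: empty")
    try:
        wallet_dir = parse_ssldatabase(params.get("ssldatabase", ""))
    except ValueError as exc:
        return problems + [f"ssldatabase: {exc}"]
    wallet = os.path.join(wallet_dir, WALLET_FILE)
    if not os.path.isfile(wallet):
        problems.append(f"ssldatabase: no {WALLET_FILE} in {wallet_dir}")
    elif os.name == "posix" and stat.S_IMODE(os.stat(wallet).st_mode) & 0o077:
        # Added hardening check (assumption): only the Siebel service account needs access.
        problems.append("ssldatabase: wallet file is accessible to group or others")
    return problems

def constructed_params(mode=0o600, port="636"):
    """Build sample parameters around a constructed placeholder wallet file."""
    wallet_dir = tempfile.mkdtemp(prefix="sslwallet-")
    path = os.path.join(wallet_dir, WALLET_FILE)
    open(path, "wb").close()  # empty placeholder, not a real PKCS#12 wallet
    os.chmod(path, mode)
    return {"port": port, "ssldatabase": "file:" + wallet_dir,
            "WalletPassword": "constructed-password"}

if __name__ == "__main__":
    for label, params in [("ok", constructed_params()), ("loose", constructed_params(0o644, "389"))]:
        print(label, check_adapter_ssl(params))
```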

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.