Server Certificate

Each ECDA Option for Oracle must have its own server certificate file that is loaded at start-up. The location of the server certificate is specified in the certificate_file configuration option.

The server certificate file consists of encoded data, including the server's certificate and the encrypted private key for the server certificate.

To make a successful client connection, the common name in the certificate must match the ECDA Option for Oracle name in the interfaces file.

CA Trusted Roots Certificate

At start-up, ECDA Option for Oracle loads the list of trusted CAs from the trusted roots file. The trusted roots file is similar in format to a certificate file, except that it contains certificates for CAs known to ECDA Option for Oracle. A trusted roots file is accessible by the ECDA Option for Oracle in:

  • UNIX – <install_dir>/DCO-15_0/connectivity/bin/config/trusted.txt

  • Windows – C:\<install_dir>\DCO-15_0\connectivity\bin\ini\trusted.txt

Alternatively, you can specify the location of the trusted roots file in the trusted_roots_file configuration option.

The System Security Officer adds and deletes CAs that are to be accepted by ECDA Option for Oracle, using a standard ASCII-text editor.

Parent topic: Secure Sockets Layer