Corporation Network Router User Manual

Parameters for Clients and Servers using SSL
SSL_SERVER_CERT_DN
Purpose Use this parameter to force the server's distinguished name
(DN) to match its service name. If you enforce the match
verification, SSL ensures that the certificate is from the server.
If you choose not to enforce the match verification, SSL
performs the check but permits the connection regardless of whether
there is a match. Not enforcing the match lets the server potentially
fake its identity.
Values yes|on|true: Specify to enforce a match. If the DN
matches the service name, the connection succeeds; otherwise,
the connection fails.
no|off|false: Specify to not enforce a match. If the DN
does not match the service name, the connection is successful,
but an error is logged to the sqlnet.log file.
Default Oracle8i, or later: FALSE. The SSL client always checks the
server DN. If it does not match the service name, the connection
succeeds but an error is logged to the sqlnet.log file.
Usage Notes Additionally configure the tnsnames.ora parameter
SSL_SERVER_CERT_DN to enable server DN matching.
Parameter Name SSL_SERVER_CERT_DN
Where stored tnsnames.ora: Can be stored on the client, for every server
it connects to, or it can be stored in the LDAP directory, for
every server it connects to, updated centrally.
Purpose This parameter specifies the distinguished name (DN) of the
server. The client uses this information to obtain the list of
DNs it expects for each of the servers, to force the server's
DN to match its service name.
Values Set equal to distinguished name (DN) of the server.
Default n/a
Usage Notes Additionally configure the sqlnet.ora parameter
SSL_SERVER_DN_MATCH to enable server DN matching.
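
Because the two parameters above only take effect together, a client configuration can be checked for both at once. The following audit script is an added example, not part of the manual or of any Oracle tool: it flags a sqlnet.ora that leaves SSL_SERVER_DN_MATCH at the non-enforcing default and any SSL connect descriptor in tnsnames.ora that lacks SSL_SERVER_CERT_DN. The sample aliases, hosts, port and DN are constructed, and the tcps protocol keyword and (SECURITY=...) placement follow standard Oracle Net syntax rather than anything shown on this page.

```python
import re
ENFORCE = {"yes", "on", "true"}  # values the manual lists as enforcing the match

def _lines(text):  # drop whole-line "#" comments
    return [l for l in text.splitlines() if not l.lstrip().startswith("#")]

def dn_match_enforced(sqlnet_text):
    """True only if SSL_SERVER_DN_MATCH is set to an enforcing value."""
    value = None
    for line in _lines(sqlnet_text):
        m = re.match(r"\s*SSL_SERVER_DN_MATCH\s*=\s*(\S+)", line, re.I)
        if m:
            value = m.group(1).lower()
    return value in ENFORCE  # absent parameter means the FALSE default

def tns_entries(tns_text):
    """Yield (alias, body) pairs by tracking parenthesis depth."""
    text = "\n".join(_lines(tns_text))
    depth, start, body_start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                alias, body_start = text[start:i].strip(" \t\r\n="), i
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
            if depth == 0:
                yield alias, text[body_start:i + 1]
                start = i + 1

def audit(sqlnet_text, tns_text):
    """Return findings for settings that let a DN mismatch go unblocked."""
    findings = []
    if not dn_match_enforced(sqlnet_text):
        findings.append("sqlnet.ora: SSL_SERVER_DN_MATCH not enforced")
    for alias, body in tns_entries(tns_text):
        uses_ssl = re.search(r"PROTOCOL\s*=\s*tcps", body, re.I)
        has_dn = re.search(r'SSL_SERVER_CERT_DN\s*=\s*"?[^\s")]', body, re.I)
        if uses_ssl and not has_dn:
            findings.append(f"tnsnames.ora: {alias} has no SSL_SERVER_CERT_DN")
    return findings

# Constructed sample (hypothetical hosts, aliases and DN).
TNS = """
finance = (DESCRIPTION = (ADDRESS = (PROTOCOL = tcps)(HOST = db1.example.test)(PORT = 2484))
  (CONNECT_DATA = (SERVICE_NAME = finance))
  (SECURITY = (SSL_SERVER_CERT_DN = "cn=finance,o=example,c=us")))
hr = (DESCRIPTION = (ADDRESS = (PROTOCOL = tcps)(HOST = db2.example.test)(PORT = 2484))
  (CONNECT_DATA = (SERVICE_NAME = hr)))
"""
print(audit("", TNS))
```

An empty sqlnet.ora is reported as not enforced because the documented default only logs a mismatch to sqlnet.log.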