Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Application Server Security >> 10G Wallet and Wildcard SSL certs
(Message started by: Pete Finnigan on Mar 7th, 2007, 9:06pm)

Title: 10G Wallet and Wildcard SSL certs
Post by Pete Finnigan on Mar 7th, 2007, 9:06pm
We have an Oracle 10G server. The wallet feature looks nice for maintaining SSL certificates. We have a 3rd party wildcard certificate for all of our servers, but it does not look like the Wallet in 10G supports wildcards. Does anyone have a tip here? Can anyone point me to documentation stating that Oracle does not support wildcard certs, in which case, my CA provider will issue a normal cert instead of the wildcard cert for our Oracle server?

Title: Re: 10G Wallet and Wildcard SSL certs
Post by Pete Finnigan on May 5th, 2007, 7:32pm
Here's the official statement as of a while ago.  I suppose it may have changed, but it likely hasn't:


Quote:
Per Metalink Note:291774.1:

Question 2:
Using the same SSL certificate for multiple Name-Based Virtual Hosts is
sometimes used on the Internet. This is referred to as 'certificate
sharing', or 'wild-carding certificates', and requires a special
certificate from the Certificate Authority. Is this supported?

Answer 2:
No, sharing certificates for multiple Name-Based Virtual Hosts is not
supported by Oracle. The use of wildcard certificates could compromise
security, and are not compatible with OWM. If there is a business need
for this, please file an Enhancement Request.


Note, however, that it is possible, though not supported, using the OpenSSL tools in combination with Oracle Window Manager to use a wildcard certificate.  I would definitely recommend trying to get an individual certificate first though.

Title: Re: 10G Wallet and Wildcard SSL certs
Post by Pete Finnigan on Sep 10th, 2007, 1:54am
You can import a trusted certificate into a wallet in either of two ways: paste the trusted certificate from an e-mail that you receive from the certificate authority, or import the trusted certificate from a file.


