<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta name="robots" content="all" scheme="http://www.robotstxt.org/" /> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = document) - Version 5.1" /> <meta name="Date" content="2010-03-05T15:45:38Z" /> <meta name="doctitle" content="Oracle® Database Platform Guide 11g Release 2 (11.2) for Microsoft Windows" /> <meta name="partno" content="E10845-01" /> <meta name="docid" content="NTQRF" /> <link rel="Start" href="../../index.htm" title="Home" type="text/html" /> <link rel="Copyright" href="../../dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="Stylesheet" href="../../dcommon/css/blafdoc.css" title="Default" type="text/css" /> <script type="text/javascript" src="../../dcommon/js/doccd.js"> </script> <link rel="Contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="Index" href="index.htm" title="Index" type="text/html" /> <link rel="Glossary" href="glossary.htm" title="Glossary" type="text/html" /> <link rel="Prev" href="wallets.htm" title="Previous" type="text/html" /> <link rel="Next" href="active_dir.htm" title="Next" type="text/html" /> <link rel="alternate" href="../e10845.pdf" title="PDF version" type="application/pdf" /> <title>Oracle PKI Integration with Windows</title> </head> <body> <div class="header"> <div class="zz-skip-header"><a name="top" id="top" href="#BEGIN">Skip Headers</a></div> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <tr> <td align="left" valign="top"><b>Oracle® Database Platform Guide<br /> 11<i>g</i> 
Release 2 (11.2) for Microsoft Windows</b><br /> Part Number E10845-01</td> <td valign="bottom" align="right"> <table class="icons oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="245"> <tr> <td align="center" valign="top"><a href="../../index.htm"><img width="24" height="24" src="../../dcommon/gifs/doclib.gif" alt="Go to Documentation Home" /><br /> <span class="icon">Home</span></a></td> <td align="center" valign="top"><a href="../../nav/portal_booklist.htm"><img width="24" height="24" src="../../dcommon/gifs/booklist.gif" alt="Go to Book List" /><br /> <span class="icon">Book List</span></a></td> <td align="center" valign="top"><a href="toc.htm"><img width="24" height="24" src="../../dcommon/gifs/toc.gif" alt="Go to Table of Contents" /><br /> <span class="icon">Contents</span></a></td> <td align="center" valign="top"><a href="index.htm"><img width="24" height="24" src="../../dcommon/gifs/index.gif" alt="Go to Index" /><br /> <span class="icon">Index</span></a></td> <td align="center" valign="top"><a href="../../dcommon/html/feedback.htm"><img width="24" height="24" src="../../dcommon/gifs/feedbck2.gif" alt="Go to Feedback page" /><br /> <span class="icon">Contact Us</span></a></td> </tr> </table> </td> </tr> </table> <hr /> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <tr> <td align="left" valign="top"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="98"> <tr> <td align="center" valign="top"><a href="wallets.htm"><img width="24" height="24" src="../../dcommon/gifs/leftnav.gif" alt="Go to previous page" /><br /> <span class="icon">Previous</span></a></td> <td align="center" valign="top"><a href="active_dir.htm"><img width="24" height="24" src="../../dcommon/gifs/rightnav.gif" alt="Go to next page" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </td> <td align="right" valign="top" style="font-size: 90%"><a href="../e10845.pdf">View PDF</a></td> </tr> 
</table> <a name="BEGIN" id="BEGIN"></a></div> <div class="IND"><!-- End Header --><a id="g1006921" name="g1006921"></a><a id="NTQRF160" name="NTQRF160"></a> <h1 class="chapter"><span class="secnum">12</span> Oracle PKI Integration with Windows</h1> <p>This chapter describes the integration of Oracle public key infrastructure (PKI) with Windows public key infrastructure (Windows PKI) on Windows operating systems.</p> <p>This chapter contains the following topics:</p> <ul> <li> <p><a href="#i1005627">Oracle Public Key Infrastructure</a></p> </li> <li> <p><a href="#i1005636">Windows Public Key Infrastructure</a></p> </li> </ul> <a id="i1005627" name="i1005627"></a><a id="NTQRF359" name="NTQRF359"></a> <div class="sect1"><!-- infolevel="all" infotype="General" --> <h2 class="sect1"><a id="sthref485" name="sthref485"></a>Oracle Public Key Infrastructure</h2> <p>Oracle public key infrastructure (PKI) is used by Oracle Enterprise Security Manager, <a href="glossary.htm#i433151"><span class="xrefglossterm">LDAP</span></a>-enabled Oracle Enterprise Manager, Oracle's Secure Sockets Layer (SSL) authentication, Oracle Database, and Oracle Application Server.</p> <div class="infoboxnote"> <p class="notep1">Note:</p> Oracle Security Manager is installed only with Oracle Database Client.</div> <p>Oracle PKI includes the following components:</p> <ul> <li> <p>Oracle Wallets</p> </li> <li> <p>Oracle Wallet Manager (OWM)</p> </li> </ul> <p>Oracle Wallets store <a href="glossary.htm#i433039"><span class="xrefglossterm">digital certificates</span></a>, <a href="glossary.htm#i433276"><span class="xrefglossterm">trust points</span></a>, and <a href="glossary.htm#i433212"><span class="xrefglossterm">private keys</span></a> used in public key applications for <a href="glossary.htm#i433060"><span class="xrefglossterm">encryption</span></a>, <a href="glossary.htm#i433030"><span class="xrefglossterm">decryption</span></a>, <a href="glossary.htm#i433048"><span class="xrefglossterm">digital 
signature</span></a>, and verification.</p> </div> <!-- class="sect1" --> <a id="i1005636" name="i1005636"></a><a id="NTQRF360" name="NTQRF360"></a> <div class="sect1"><!-- infolevel="all" infotype="General" --> <h2 class="sect1">Windows Public Key Infrastructure</h2> <p>This section describes Windows public key infrastructure.</p> <p>This section contains these topics:</p> <ul> <li> <p><a href="#i1005930">Microsoft Certificate Stores</a></p> </li> <li> <p><a href="#i1005935">Microsoft Certificate Services</a></p> </li> <li> <p><a href="#BGBEJDCH">Using Microsoft Certificate Stores with Oracle PKI Applications</a></p> <div class="infoboxnote"> <p class="notep1">Note:</p> Microsoft Certificate Store integration works only with digital certificates that use Microsoft Enhanced Cryptographic Provider. To create these certificates, you must install Windows High Encryption Pack and select Microsoft Enhanced Cryptographic Provider. Also, when there are multiple certificates available for the same key usage (signature/key exchange), the first certificate retrieved will be used for Oracle SSL.</div> </li> </ul> <a id="i1005930" name="i1005930"></a><a id="NTQRF361" name="NTQRF361"></a> <div class="sect2"><!-- infolevel="all" infotype="General" --> <h3 class="sect2"><a id="sthref486" name="sthref486"></a>Microsoft Certificate Stores</h3> <p>Microsoft Certificate Stores are repositories for storing digital certificates and their associated properties. Windows operating systems store digital certificates and certificate revocation lists in logical and physical stores. Logical stores contain pointers to <a href="glossary.htm#i433230"><span class="xrefglossterm">public key</span></a> objects in physical stores. Logical stores enable public key objects to be shared between users, computers, and services without requiring storage of duplicates of objects for each user, computer, or <a href="glossary.htm#i432487"><span class="xrefglossterm">service</span></a>. 
Public key objects are physically stored in the <a href="glossary.htm#i432474"><span class="xrefglossterm">registry</span></a> of the local computer or, for some user certificates, in Active Directory. Standard system certificate stores defined by Microsoft include:</p> <ul> <li> <p>MY or Personal</p> </li> <li> <p>CA</p> </li> <li> <p>ROOT</p> </li> </ul> <p>MY or Personal holds a user's certificates for which the associated private key is available. The MY certificate store maintains certificate properties that indicate the Cryptographic Service Provider (CSP) associated with the private key. An application uses this information to obtain the private key from the CSP for the associated certificate. CA holds issuing or intermediate <a href="glossary.htm#i432960"><span class="xrefglossterm">certificate authority</span></a> (CA) certificates. ROOT holds only self-signed CA certificates for trusted root CAs.</p> </div> <!-- class="sect2" --> <a id="i1005935" name="i1005935"></a><a id="NTQRF362" name="NTQRF362"></a> <div class="sect2"><!-- infolevel="all" infotype="General" --> <h3 class="sect2"><a id="sthref487" name="sthref487"></a>Microsoft Certificate Services</h3> <p>Microsoft Certificate Services (MCS) consists of the following modules:</p> <ul> <li> <p>Server Engine</p> </li> <li> <p>Intermediary</p> </li> <li> <p>Policy</p> </li> </ul> <p>Server Engine handles all certificate requests. It interacts with other modules at each processing stage to ensure that the proper action is taken based on the state of the request. The Intermediary module receives requests for new certificates from clients and then submits them to Server Engine. The Policy module contains the set of rules controlling the issuance of certificates. 
This module may be upgraded or customized as needed.</p> </div> <!-- class="sect2" --> <a id="BGBEJDCH" name="BGBEJDCH"></a><a id="NTQRF363" name="NTQRF363"></a> <div class="sect2"><!-- infolevel="all" infotype="General" --> <h3 class="sect2"><a id="sthref488" name="sthref488"></a>Using Microsoft Certificate Stores with Oracle PKI Applications</h3> <p>Wallet Resource Locator (WRL) specifies that parameter <code>WALLET_LOCATION</code> in file <code>sqlnet.ora</code> identifies a particular PKI. You can choose between using Oracle Wallet or Microsoft Certificate Stores by setting parameter <code>WALLET_LOCATION</code> in <code>sqlnet.ora</code>. To use <a href="glossary.htm#i433015"><span class="xrefglossterm">credentials</span></a> from Microsoft Certificate Stores, set parameter <code>WALLET_LOCATION</code> in <code>sqlnet.ora</code> to:</p> <pre xml:space="preserve" class="oac_no_warn">WALLET_LOCATION = (SOURCE = (METHOD=MCS)) </pre> <p>The Oracle application uses Oracle's TCP/IP with SSL protocol (TCPS) to connect to Oracle Server. 
The SSL protocol uses X.509 certificates and trust points from the user's Microsoft Certificate Store for SSL authentication.</p> </div> <!-- class="sect2" --></div> <!-- class="sect1" --></div> <!-- class="ind" --> <div class="footer"> <hr /> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="33%" /> <col width="*" /> <col width="33%" /> <tr> <td align="left"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="98"> <tr> <td align="center" valign="top"><a href="wallets.htm"><img width="24" height="24" src="../../dcommon/gifs/leftnav.gif" alt="Go to previous page" /><br /> <span class="icon">Previous</span></a></td> <td align="center" valign="top"><a href="active_dir.htm"><img width="24" height="24" src="../../dcommon/gifs/rightnav.gif" alt="Go to next page" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </td> <td style="font-size: 90%" align="center" class="copyrightlogo"><img width="144" height="18" src="../../dcommon/gifs/oracle.gif" alt="Oracle" /><br /> Copyright © 1996, 2010, Oracle and/or its affiliates. 
All rights reserved.<br /> <a href="../../dcommon/html/cpyr.htm">Legal Notices</a></td> <td align="right"> <table class="icons oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="245"> <tr> <td align="center" valign="top"><a href="../../index.htm"><img width="24" height="24" src="../../dcommon/gifs/doclib.gif" alt="Go to Documentation Home" /><br /> <span class="icon">Home</span></a></td> <td align="center" valign="top"><a href="../../nav/portal_booklist.htm"><img width="24" height="24" src="../../dcommon/gifs/booklist.gif" alt="Go to Book List" /><br /> <span class="icon">Book List</span></a></td> <td align="center" valign="top"><a href="toc.htm"><img width="24" height="24" src="../../dcommon/gifs/toc.gif" alt="Go to Table of Contents" /><br /> <span class="icon">Contents</span></a></td> <td align="center" valign="top"><a href="index.htm"><img width="24" height="24" src="../../dcommon/gifs/index.gif" alt="Go to Index" /><br /> <span class="icon">Index</span></a></td> <td align="center" valign="top"><a href="../../dcommon/html/feedback.htm"><img width="24" height="24" src="../../dcommon/gifs/feedbck2.gif" alt="Go to Feedback page" /><br /> <span class="icon">Contact Us</span></a></td> </tr> </table> </td> </tr> </table> </div> <noscript> <p>Scripting on this page enhances content navigation, but does not change the content in any way.</p> </noscript> </body> </html>
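Added example (not part of the Oracle documentation): a small auditor for the "Using Microsoft Certificate Stores with Oracle PKI Applications" section that parses the nested-parenthesis syntax of sqlnet.ora and reports whether WALLET_LOCATION selects Microsoft Certificate Stores (METHOD=MCS) or a wallet directory. The METHOD=FILE / METHOD_DATA / DIRECTORY form and the SQLNET.AUTHENTICATION_SERVICES line come from general Oracle Net syntax rather than this page; both sample files are constructed, and values containing spaces or commas are assumed not to occur.

```python
import re

def _tokens(text):
    # Strip '#' comments, then split into parens, '=' and bare words.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return re.findall(r"[()=]|[^\s()=,]+", body)

def _value(tok, i):
    """Parse a bare word, a (A, B) list, or nested (KEY = value) groups."""
    if tok[i] != "(":
        return tok[i], i + 1
    if tok[i + 2] != "=":                      # plain list, e.g. (TCPS, NTS)
        end = tok.index(")", i)
        return tok[i + 1:end], end + 1
    group = {}
    while i < len(tok) and tok[i] == "(":      # sibling groups share one level
        key = tok[i + 1].upper()
        group[key], i = _value(tok, i + 3)
        if tok[i] != ")":
            raise ValueError(f"unclosed group for {key}")
        i += 1
    return group, i

def parse_sqlnet(text):
    """Return {PARAMETER: value} for each top-level parameter."""
    tok, params, i = _tokens(text), {}, 0
    try:
        while i < len(tok):
            name = tok[i].upper()
            if tok[i + 1] != "=":
                raise ValueError(f"expected '=' after {name}")
            params[name], i = _value(tok, i + 2)
    except IndexError:
        raise ValueError("truncated parameter") from None
    return params

def wallet_source(text):
    """Return (method, directory); method is 'MCS', 'FILE' or None if unset."""
    loc = parse_sqlnet(text).get("WALLET_LOCATION")
    if not isinstance(loc, dict):
        return None, None
    source = loc.get("SOURCE", {})
    directory = source.get("METHOD_DATA", {}).get("DIRECTORY")
    return str(source.get("METHOD", "")).upper() or None, directory

# Constructed sample files, not taken from a real installation.
SAMPLE_MCS = r"""SQLNET.AUTHENTICATION_SERVICES = (TCPS, NTS)
WALLET_LOCATION =
  (SOURCE = (METHOD = MCS))   # credentials from the user's certificate store
"""
SAMPLE_FILE = r"""wallet_location = (SOURCE = (METHOD = FILE)
                   (METHOD_DATA = (DIRECTORY = D:\oracle\wallets)))"""
```

A result of ("MCS", None) means SSL credentials are taken from the user's Microsoft Certificate Store, so the Enhanced Cryptographic Provider requirement and the first-certificate-retrieved behaviour described in the note on this page apply to that client.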