cloudguru wrote:Another usefule concepts are: Certificate Data Store is different from certificate data file
CDS is new in R12.5. Certificate Data Store (CDS)
Releas note said: "The certificate data store is replacing the SiteMinder key database (smkeydatabase).
SiteMinder federation features use the certificate data store. "
When we use the policy store as the certificate database, this is used for federation and similar features
but for policy server to contact the LDAPS via SSL, to policy store, and if the certificate is in the policy store.... whatwould happen?
It is like you need a key to open the box, and the key is in the box.
Fact is, when policy server is using LDAP SDK from SunOne, and this has its own certificate database
that is the reason we need to satisfy the LDAP SDK's requirement = add CA certificate to its certificate database (it is a file called cert8.db)
that allows policy server to use the LDAP SDK to contact the LDAP(Policy store) in SSL.
This also applies to LDAP userstores using LDAP SDK