Oracle Database B10772-01 Administrator's Manual page 193

This check can be made only when RSA ciphers are
Note:
selected, which is the default setting.
No (default): SSL checks for a match between the DN and the service name,
but does not enforce it. Connections succeed regardless of the outcome, but
an error is logged if the match fails.
Let Client Decide: Enables the default.
The following alert appears when you select No:
Note:
Security Alert
Not enforcing the server X.509 name match allows a server to
potentially fake its identity. Oracle Corporation recommends
selecting YES for this option so that connections are refused when
there is a mismatch.
Choose File > Save Network Configuration.
6.
The sqlnet.ora file on the client is updated with the following entries:
SSL_CLIENT_AUTHENTICATION =TRUE
wallet_location =
(SOURCE=
(METHOD=File)
(METHOD_DATA=
(DIRECTORY=wallet_location)))
SSL_SERVER_DN_MATCH=(ON/OFF)
See Also:
For information about the server match parameters:
"SSL X.509 Server Match Parameters"
For information about using Oracle Net Manager to configure
TCP/IP with SSL:
Oracle Net Services Administrator's Guide
Oracle Net Services Reference Guide
on page B-10
Configuring Secure Sockets Layer Authentication 7-27
Enabling SSL