Oracle Database B10772-01 Administrator's Manual page 405

Purpose Use this parameter to force the server's
(DN)
verifications, SSL ensures that the certificate is from the server.
If you choose to not enforce the match verification, SSL
performs the check but permits the connection, regardless if
there is a match. Not forcing the match lets the server potentially
fake its identity.
Values yes|on|true—Specify to enforce a match. If the DN
matches the service name, the connection succeeds; otherwise,
the connection fails.
no|off|false—Specify to not enforce a match. If the DN
does not match the service name, the connection is successful,
but an error is logged to the sqlnet.log file.
Default Oracle8i, or later:.FALSE. SSL client (always) checks server
DN. If it does not match the service name, the connection
succeeds but an error is logged to sqlnet.log file.
Usage Notes Additionally configure the tnsnames.ora parameter SSL_
SERVER_CERT_DN to enable server DN matching.
SSL_SERVER_CERT_DN
SSL_SERVER_CERT_DN
Parameter Name
Where stored tnsnames.ora—Can be stored on the client, for every server
it connects to, OR it can be stored in the LDAP directory, for
every server it connects to, updated centrally.
Purpose This parameter specifies the
server. The client uses this information to obtain the list of
DNs it expects for each of the servers—to force the server's
DN to match its service name.
Set equal to
Values
Default n/a
Usage Notes Additionally configure the sqlnet.ora parameter SSL_
SERVER_DN_MATCH to enable server DN matching.
Parameters for Clients and Servers using SSL
to match its service name. If you force the match
distinguished name (DN)
distinguished name
distinguished name (DN)
of the server.
Authentication Parameters B-11
of the