Table of Contents
Advertisement
Certificate Validation with Certificate Revocation Lists
The process of determining whether a given certificate can be used in a given
context is referred to as certificate validation. Certificate validation includes
determining that
The SSL network layer automatically performs the first three validation checks, but
you must configure certificate revocation list (CRL) checking to ensure that
certificates have not been revoked. CRLs are signed data structures that contain a
list of revoked certificates. They are usually issued and signed by the same entity
who issued the original certificate. (See
This section contains the following topics:
What CRLs Should You Use?
You should have CRLs for all of the trust points that you honor. The trust points are
the trusted certificates from a third party identity that is qualified with a level of
trust. Typically, the certificate authorities you trust are called trust points.
does not give the complete chain and you do not have the appropriate trust
points to complete it.
Action: Use Oracle Wallet Manager to install the trust points that are required
to complete the chain. See
A trusted
certificate authority
The certificate's digital signature corresponds to the independently-calculated
hash value of the certificate itself and the certificate signer's (CA's) public key
The certificate has not expired
The certificate has not been revoked
What CRLs Should You Use?
How CRL Checking Works
Configuring Certificate Validation with Certificate Revocation Lists
Certificate Revocation List Management
Troubleshooting Certificate Validation
Certificate Validation with Certificate Revocation Lists
"Importing a Trusted Certificate"
(CA) has digitally signed the certificate
certificate revocation
Configuring Secure Sockets Layer Authentication 7-35
on page 8-25
lists)
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the Oracle Database B10772-01 and is the answer not in the manual?