Certificate Validation with Certificate Revocation Lists
Note: When configuring your ldap.ora file, you should specify only a non-SSL port for the directory. CRL download is done as part of the SSL protocol, and making an SSL connection within an SSL connection is not supported.
Oracle Advanced Security CRL functionality will not work if the Oracle Internet Directory non-SSL port is disabled.

5. Choose File > Save Network Configuration. The sqlnet.ora file is updated.

To disable certificate revocation status checking:
1. Navigate to the SSL tab of the Oracle Advanced Security window in Oracle Net Manager, and select Configure SSL for: Server.
2. Choose NONE from the Revocation Check list.
3. Choose File > Save Network Configuration. The sqlnet.ora file is updated with the following entry:
SSL_CERT_REVOCATION=NONE

See Also: "Troubleshooting Certificate Validation" on page 7-45 for information about resolving certificate validation errors.

Certificate Revocation List Management
Before you can enable certificate revocation status checking, you must ensure that the CRLs you receive from the CAs you use are in a form (renamed with a hash value) or in a location (uploaded to the directory) where your system can use them.
Oracle Advanced Security provides a command-line utility, orapki, that you can use to perform the following tasks:
Displaying orapki Help
Renaming CRLs with a Hash Value for Certificate Validation
Uploading CRLs to Oracle Internet Directory
Listing CRLs Stored in Oracle Internet Directory
Viewing CRLs in Oracle Internet Directory
Deleting CRLs from Oracle Internet Directory

7-40 Oracle Database Advanced Security Administrator's Guide
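As an added example (not part of the Oracle guide), the following Python sketch audits the two settings this page discusses: it reports when sqlnet.ora has revocation checking set to NONE or not set at all, and when an ldap.ora directory entry lacks a non-SSL port or also lists an SSL port. The DIRECTORY_SERVERS host:port:sslport layout, the REQUESTED and REQUIRED values, and the sample file contents and host names are assumptions that do not appear on this page.

```python
import re

# Values assumed valid for SSL_CERT_REVOCATION; only NONE appears on this page.
MODES = {"NONE", "REQUESTED", "REQUIRED"}

def parse_params(text):
    """Return {NAME: value} for one-line 'name = value' entries, ignoring # comments."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.+)$", line.split("#", 1)[0].strip())
        if m:
            out[m.group(1).upper()] = m.group(2).strip()
    return out

def audit(sqlnet_text, ldap_text):
    """Return a list of findings about revocation checking and the directory port."""
    findings = []
    mode = parse_params(sqlnet_text).get("SSL_CERT_REVOCATION")
    if mode is None:
        findings.append("sqlnet.ora: no SSL_CERT_REVOCATION entry")
    elif mode.upper() == "NONE":
        findings.append("sqlnet.ora: SSL_CERT_REVOCATION=NONE, revocation checking is disabled")
    elif mode.upper() not in MODES:
        findings.append(f"sqlnet.ora: unrecognized SSL_CERT_REVOCATION value {mode!r}")

    servers = parse_params(ldap_text).get("DIRECTORY_SERVERS")
    if servers is None:
        findings.append("ldap.ora: no DIRECTORY_SERVERS entry")
        return findings
    # Assumed layout: (host:port[:sslport], host:port[:sslport], ...)
    for entry in servers.strip("() ").split(","):
        fields = [f.strip() for f in entry.split(":")]
        if len(fields) < 2 or not fields[1].isdigit():
            findings.append(f"ldap.ora: {fields[0]} has no non-SSL port, CRL download will not work")
        elif len(fields) >= 3 and fields[2]:
            findings.append(f"ldap.ora: {fields[0]} also lists an SSL port; specify only a non-SSL port")
    return findings

# Constructed sample files (not taken from a real system).
SQLNET_SAMPLE = """\
SSL_CLIENT_AUTHENTICATION = TRUE
ssl_cert_revocation = none   # set by Oracle Net Manager
"""
LDAP_SAMPLE = """\
DIRECTORY_SERVERS = (oid1.example.com:389:636, oid2.example.com::636)
"""

if __name__ == "__main__":
    for finding in audit(SQLNET_SAMPLE, LDAP_SAMPLE):
        print(finding)
```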