Oracle Database B10772-01 Administrator's Manual page 208

Certificate Validation with Certificate Revocation Lists
issuer's name. Then when the system validates a certificate, the same hash function
is used to calculate the link (or copy) name so the appropriate CRL can be loaded.
Depending on your operating system, enter one of the following commands to
rename CRLs stored in the file system.
To rename CRLs stored in UNIX file systems:
orapki crl hash -crl crl_filename [-wallet wallet_location] -symlink crl_directory [-summary]
To rename CRLs stored in Windows file systems:
orapki crl hash -crl crl_filename [-wallet wallet_location] -copy crl_directory [-summary]
where crl_filename is the name of the CRL file, wallet_location is the
location of a wallet that contains the certificate of the CA that issued the CRL, and
crl_directory is the directory where the CRL is located.
The -wallet and -summary options are optional. Specifying -wallet causes the tool to
verify the validity of the CRL against the CA's certificate prior to renaming the CRL.
Specifying the -summary option causes the tool to display the CRL issuer's name.
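The lookup scheme described above, as an added Python example that is not Oracle's code: the CRL is linked (or copied) under a name derived from a hash of the issuer's name, and validation recomputes the same hash from the certificate's issuer to locate the file. The hash used here (truncated SHA-256 of a lowercased DN), the .crl suffix, the function names and the sample issuer names are assumptions; the hash function orapki uses is not given on this page.

```python
import hashlib
import os
import shutil
import tempfile

def link_name(issuer_dn: str) -> str:
    """Illustrative issuer-name hash. Assumption: NOT the hash orapki computes.
    The DN is split naively on commas (no escaped-comma handling)."""
    normalized = ",".join(part.strip().lower() for part in issuer_dn.split(","))
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:8] + ".crl"

def publish_crl(crl_path: str, issuer_dn: str, crl_dir: str, copy: bool = False) -> str:
    """Make a CRL findable by issuer: symlink (UNIX style) or copy (Windows style)."""
    target = os.path.join(crl_dir, link_name(issuer_dn))
    if os.path.lexists(target):
        os.remove(target)  # replace the stale entry when a newer CRL arrives
    if copy:
        shutil.copyfile(crl_path, target)
    else:
        os.symlink(os.path.abspath(crl_path), target)
    return target

def find_crl(cert_issuer_dn: str, crl_dir: str):
    """Validation side: recompute the hash from the certificate's issuer name."""
    candidate = os.path.join(crl_dir, link_name(cert_issuer_dn))
    return candidate if os.path.exists(candidate) else None

def demo() -> dict:
    with tempfile.TemporaryDirectory() as crl_dir:
        # Constructed sample: placeholder bytes stand in for a DER-encoded CRL.
        crl_file = os.path.join(crl_dir, "example_ca_2024.crl")
        with open(crl_file, "wb") as fh:
            fh.write(b"constructed placeholder, not a real CRL")
        publish_crl(crl_file, "CN=Example CA, O=Example Corp, C=US", crl_dir)
        # Same issuer, different spelling: must resolve to the same file.
        hit = find_crl("cn=example ca,o=example corp,c=us", crl_dir)
        # An issuer whose CRL was never hashed: nothing can be loaded for it.
        miss = find_crl("CN=Other CA, O=Example Corp, C=US", crl_dir)
        return {
            "hit_resolves_to_crl": hit is not None and os.path.samefile(hit, crl_file),
            "miss": miss,
        }

if __name__ == "__main__":
    print(demo())
```

The miss case is the operational point: a CRL that sits in the directory under its original file name but was never hashed cannot be found at validation time.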
Uploading CRLs to Oracle Internet Directory
Publishing CRLs in the directory enables CRL validation throughout your
enterprise, eliminating the need for individual applications to configure their own
CRLs. All applications can use the CRLs stored in the directory where they can be
centrally managed, greatly reducing the administrative overhead of CRL
management and use.
The user who uploads CRLs to the directory by using orapki must be a member of
the directory group CRLAdmins (cn=CRLAdmins,cn=groups,%s_OracleContextDN%). This is a privileged operation because these CRLs are
accessible to the entire enterprise. Contact your directory administrator to be added
to this administrative directory group.
To upload CRLs to the directory, enter the following at the command line:
orapki crl upload -crl crl_location -ldap hostname:ssl_port -user username [-wallet wallet_location] [-summary]
where crl_location is the file name or URL where the CRL is located,
hostname and ssl_port (SSL port with no authentication) are for the system on
which your directory is installed, username is the directory user who has
7-42 Oracle Database Advanced Security Administrator's Guide

This manual is also suitable for:

Database advanced security 10g release 1