Certificate Validation with Certificate Revocation Lists
following at the command line:
orapki crl display -crl crl_location [-wallet wallet_location] -summary
where crl_location is the location of the CRL in the directory. It is convenient to
paste the CRL location from the list that displays when you use the orapki crl
list command. See "Listing CRLs Stored in Oracle Internet Directory" on
page 7-43.
To view a list of all revoked certificates contained in a specified CRL, which is
stored in Oracle Internet Directory, enter the following at the command line:
orapki crl display -crl crl_location [-wallet wallet_location] -complete
For example, the following orapki command:
orapki crl display -crl $T_WORK/pki/wlt_crl/nzcrl.txt -wallet $T_WORK/pki/wlt_crl -complete
produces the following output, which lists the CRL issuer's DN, its publication date,
date of its next update, and the revoked certificates it contains:
issuer = CN=root,C=us, thisUpdate = Sun Nov 16 10:56:58 PST 2003, nextUpdate =
Mon Sep 30 11:56:58 PDT 2013, revokedCertificates = {(serialNo =
153328337133459399575438325845117876415, revocationDate - Sun Nov 16 10:56:58
PST 2003)}
CRL is valid
Using the -wallet option causes the orapki crl display command to
validate the CRL against the CA's certificate.
Depending on the size of your CRL, choosing the -complete option may take a
long time to display.
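The following added example (not part of the Oracle guide) parses the orapki crl display -complete output shown above and reports whether the CRL can still be relied on: whether it was validated against the CA certificate and whether nextUpdate has passed. The time zone offset table, the function names, and the reading of the "CRL is valid" line as the result of the -wallet check are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed UTC offsets for zone abbreviations in the output; extend for your hosts.
TZ_HOURS = {"PST": -8, "PDT": -7, "UTC": 0, "GMT": 0}
DATE = r"\w{3} \w{3} \d{1,2} [\d:]{8} \w+ \d{4}"

# The example output shown above, including its line wrapping.
SAMPLE = """issuer = CN=root,C=us, thisUpdate = Sun Nov 16 10:56:58 PST 2003, nextUpdate =
Mon Sep 30 11:56:58 PDT 2013, revokedCertificates = {(serialNo =
153328337133459399575438325845117876415, revocationDate - Sun Nov 16 10:56:58
PST 2003)}
CRL is valid"""

def parse_date(text):
    """Turn 'Sun Nov 16 10:56:58 PST 2003' into a timezone-aware datetime."""
    _, mon, day, clock, zone, year = text.split()
    naive = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_HOURS[zone])))

def parse_crl_display(output):
    """Parse the text printed by 'orapki crl display ... -complete'."""
    flat = " ".join(output.split())  # undo terminal line wrapping
    entries = re.findall(rf"serialNo = (\d+), revocationDate [-=] ({DATE})", flat)
    return {
        "issuer": re.search(r"issuer = (.*?), thisUpdate", flat).group(1),
        "this_update": parse_date(re.search(rf"thisUpdate = ({DATE})", flat).group(1)),
        "next_update": parse_date(re.search(rf"nextUpdate = ({DATE})", flat).group(1)),
        "revoked": {int(serial): parse_date(when) for serial, when in entries},
        # Assumption: this line is the result of the -wallet validation.
        "validated": "CRL is valid" in flat,
    }

def crl_problems(crl, now):
    """Return reasons not to rely on this CRL at time 'now' (empty list if none)."""
    problems = []
    if not crl["validated"]:
        problems.append("not validated against the CA certificate")
    if now < crl["this_update"]:
        problems.append("thisUpdate is in the future")
    if now > crl["next_update"]:
        problems.append("nextUpdate has passed; CRL is stale")
    return problems

if __name__ == "__main__":
    crl = parse_crl_display(SAMPLE)
    print(crl["issuer"], sorted(crl["revoked"]))
    print(crl_problems(crl, datetime.now(timezone.utc)))
```

A serial number is looked up with serial in crl["revoked"]; a stale or unvalidated CRL should be refreshed before that answer is trusted.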
You can also use Oracle Directory Manager, a graphical user interface tool that is
provided with Oracle Internet Directory, to view CRLs in the directory. CRLs are
stored in the following directory location:
cn=CRLValidation,cn=Validation,cn=PKI,cn=Products,cn=OracleContext
Deleting CRLs from Oracle Internet Directory
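The user who deletes CRLs from the directory by using orapki must be a member
of the directory group CRLAdmins. See "Uploading CRLs to Oracle Internet
Directory" on page 7-42 for information about this directory administrative group.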
To delete CRLs from the directory, enter the following at the command line:
orapki crl delete -issuer issuer_name -ldap host:ssl_port -user username
7-44 Oracle Database Advanced Security Administrator's Guide