User's Manual
Certificate Validation with Certificate Revocation Lists
Configuring Secure Sockets Layer Authentication 7-47
2. If necessary, use the orapki utility to configure CRLs for system use as
follows:
– For CRLs stored on your local file system, see "Renaming CRLs with a
Hash Value for Certificate Validation" on page 7-41
– CRLs stored in the directory, see "Uploading CRLs to Oracle Internet
Directory" on page 7-42
OID hostname or port number not set
Cause: Oracle Internet Directory (OID) connection information is not set. Note
that this is not a fatal error. The search continues with CRL DP.
Action: If you want to store the CRLs in Oracle Internet Directory, then use
Oracle Net Configuration Assistant to create and configure an ldap.ora file
for your Oracle home. See "To create an ldap.ora file for your Oracle home:" on
page 12-7
Fetch CRL from CRL DP: No CRLs found
Cause: The CRL could not be fetched by using the CRL DP. This happens if the
certificate does not have a location specified in its CRL DP extension, or if the
URL specified in the CRL DP extension is incorrect.
Action: Manually download the CRL. Then depending on whether youwant to
store it on your local file system or in Oracle Internet Directory, perform the
following steps:
If you want to store the CRL on your local file system:
1. Use Oracle Net Manager to specify the path to the CRL directory or file. See
"Configuring Certificate Validation with Certificate Revocation Lists" on
page 7-37
2. Use the orapki utility to configure the CRL for system use. See "Renaming
CRLs with a Hash Value for Certificate Validation" on page 7-41
If you want to store the CRL in Oracle Internet Directory:
1. Use Oracle Net Configuration Assistant to create and configure an
ldap.ora file with directory connection information. See "To create an
ldap.ora file for your Oracle home:" on page 12-7
2. Use the orapki utility to upload the CRL to the directory. See "Uploading
CRLs to Oracle Internet Directory" on page 7-42