Corporation Network Router User Manual
Certificate Validation with Certificate Revocation Lists
Configuring Secure Sockets Layer Authentication 7-37
Configuring Certificate Validation with Certificate Revocation Lists
The SSL_CERT_REVOCATION parameter must be set to REQUIRED or REQUESTED
in the sqlnet.ora file to enable certificate revocation status checking. By default
this parameter is set to NONE indicating that certificate revocation status checking is
turned off.
To enable certificate revocation status checking for the client or the server:
1. Navigate to the SSL tab of the Oracle Advanced Security window in Oracle Net
Manager, and select either Client or Server for the Configure SSL for: field.
Note:
■ For performance reasons, only user certificates are checked.
■ Oracle recommends that you store CRLs in the directory rather
than the local file system.
Note: If you want to store CRLs on your local file system or in
Oracle Internet Directory, then you must use the command line
utility, orapki, to rename CRLs in your file system or upload them
to the directory. See: "Certificate Revocation List Management" on
page 7-40 for information about using orapki.