Certificate Validation with Certificate Revocation Lists
7-40 Oracle Database Advanced Security Administrator's Guide
5. Choose File > Save Network Configuration. The sqlnet.ora file is updated.
To disable certificate revocation status checking:
1. Navigate to the SSL tab of the Oracle Advanced Security window in Oracle Net
Manager, and select Configure SSL for: Server.
2. Choose NONE from the Revocation Check list.
3. Choose File > Save Network Configuration. The sqlnet.ora file is updated
with the following entry:
SSL_CERT_REVOCATION=NONE
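A configuration audit for the entry shown above, as an added example that is not part of the Oracle guide: it scans sqlnet.ora text and reports whether revocation checking is off, on, or needs manual review. The function names and sample files are constructed for illustration; treating a missing entry as NONE and accepting REQUESTED and REQUIRED as the enabled values are assumptions not stated on this page.

```python
import re

# Constructed sample sqlnet.ora contents (not from a real system).
SAMPLE_DISABLED = """\
# constructed sample sqlnet.ora
SSL_CLIENT_AUTHENTICATION = TRUE
#SSL_CERT_REVOCATION = REQUIRED
ssl_cert_revocation = none
"""
SAMPLE_ENABLED = "SSL_CLIENT_AUTHENTICATION = TRUE\nSSL_CERT_REVOCATION=REQUIRED  # enforce CRLs\n"
SAMPLE_CONFLICT = "SSL_CERT_REVOCATION=REQUIRED\nSSL_CERT_REVOCATION=NONE\n"

# Assumption: NONE is on the page; REQUESTED and REQUIRED are the enabled values.
KNOWN = {"NONE", "REQUESTED", "REQUIRED"}
ENTRY = re.compile(r"^\s*SSL_CERT_REVOCATION\s*=\s*\(?\s*(\w+)\s*\)?\s*$", re.IGNORECASE)


def find_entries(text):
    """Return [(line_number, VALUE)] for every active SSL_CERT_REVOCATION entry."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0]  # drop comments, including commented-out entries
        match = ENTRY.match(active)
        if match:
            hits.append((number, match.group(1).upper()))
    return hits


def audit(text):
    """Classify a sqlnet.ora: 'enabled', 'disabled', or 'review' (needs a human)."""
    hits = find_entries(text)
    values = {value for _, value in hits}
    if not hits:
        # Assumption: an absent entry behaves like NONE.
        return "disabled", "no SSL_CERT_REVOCATION entry (assumed default: NONE)"
    if len(values) > 1:
        lines = ", ".join(str(n) for n, _ in hits)
        return "review", f"conflicting entries on lines {lines}"
    value = values.pop()
    if value not in KNOWN:
        return "review", f"unrecognised value {value!r} on line {hits[0][0]}"
    if value == "NONE":
        return "disabled", f"SSL_CERT_REVOCATION=NONE on line {hits[0][0]}"
    return "enabled", f"SSL_CERT_REVOCATION={value} on line {hits[0][0]}"


if __name__ == "__main__":
    for text in (SAMPLE_DISABLED, SAMPLE_ENABLED, SAMPLE_CONFLICT):
        print(audit(text))
```
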
Certificate Revocation List Management
Before you can enable certificate revocation status checking, you must ensure that
the CRLs you receive from the CAs you use are in a form (renamed with a hash
value) or in a location (uploaded to the directory) where your system can use them.
Oracle Advanced Security provides a command-line utility, orapki, that you can
use to perform the following tasks:
■ Displaying orapki Help
■ Renaming CRLs with a Hash Value for Certificate Validation
■ Uploading CRLs to Oracle Internet Directory
■ Listing CRLs Stored in Oracle Internet Directory
■ Viewing CRLs in Oracle Internet Directory
■ Deleting CRLs from Oracle Internet Directory
Note: When configuring your ldap.ora file, you should specify
only a non-SSL port for the directory. CRL download is done as
part of the SSL protocol, and making an SSL connection within an
SSL connection is not supported.
Oracle Advanced Security CRL functionality will not work if the
Oracle Internet Directory non-SSL port is disabled.
See Also: "Troubleshooting Certificate Validation" on page 7-45
for information about resolving certificate validation errors.