Corporation Network Router User Manual
orapki Utility Commands Summary
orapki Utility E-11
The -ldap parameter specifies the hostname and SSL port for the directory server
from where you want to list CRLs. Note that this must be a directory SSL port with
no authentication. See "Uploading CRLs to Oracle Internet Directory" on page 7-42
for more information about this port.
orapki crl upload
Purpose
Use this command to upload certificate revocation lists (CRLs) to the CRL subtree in
Oracle Internet Directory. Note that you must be a member of the directory
administrative group CRLAdmins (cn=CRLAdmins,cn=groups,%s_
OracleContextDN%) to upload CRLs to the directory.
Syntax
orapki crl upload -crl <crl_location> -ldap <hostname:ssl_port> -user <username>
[-wallet <wallet_location>] [-summary]
■ The -crl parameter specifies the directory location or the URL where the CRL
is located that you are uploading to the directory.
■ The -ldap parameter specifies the hostname and SSL port for the directory
where you are uploading the CRLs. Note that this must be a directory SSL port
with no authentication. See "Uploading CRLs to Oracle Internet Directory" on
page 7-42 for more information about this port.
■ The -user parameter specifies the username of the directory user who has
permission to add CRLs to the CRL subtree in the directory.
■ The -wallet parameter specifies the location of the wallet that contains the
certificate of the certificate authority (CA) who issued the CRL. This is an
optional parameter. Using it causes the tool to verify the validity of the CRL
against the CA's certificate prior to uploading it to the directory.
■ The -summary parameter is also optional. Using it causes the tool to display
the CRL issuer's name and the LDAP entry where the CRL is stored in the
directory.