  Oracle Tips by Burleson

Oracle 10g Certificate Validation with Certificate Revocation Lists (CRLs)

Certificate validation is an important element of enabling public key infrastructure (PKI) in an enterprise. If you use SSL in an Oracle environment, you can now validate the certificates presented by servers and clients for authentication. First off though, what the heck is a CRL?

Certificate Revocation Lists

Typically, a certificate from a Certificate Authority (CA) that binds a public key pair to a user identity is only valid for a specified period of time. However, certain security-related events, such as user name changes or compromised private keys, could render a certificate invalid before the validity period actually expires.

If this happens, the CA will revoke the certificate and add its serial number to a Certificate Revocation List (CRL). CAs periodically publish CRLs to alert their user population when it is no longer acceptable to use a particular public key to verify its associated user identity.

When servers in an Oracle environment receive client certificates, they check each certificate's validity date, signature, and revocation status. The revocation status is checked by validating the certificate against published CRLs. When certificate revocation status checking is turned on in Oracle Database 10g, the server searches for the appropriate CRL depending on how this feature has been configured. It looks in the following locations:

  • The local file system

  • The specified Oracle Internet Directory

When the CRL cannot be found on the local file system, the server searches the CRL directory subtree in the Oracle Internet Directory by using the CA’s distinguished name (DN) and the DN of the CRL Directory subtree.
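How revocation checking and the local file system CRL locations are switched on in the server's sqlnet.ora, shown as an added example that is not part of the original excerpt. The parameter names (SSL_CERT_REVOCATION, SSL_CRL_PATH, SSL_CRL_FILE) are Oracle Net settings that do not appear on this page, and the directory and file paths are constructed placeholders.

```ini
# sqlnet.ora on the database server (constructed example, placeholder paths)

# Weak setting: revocation status is never checked, so a revoked
# certificate with a good signature and validity dates is still accepted.
# SSL_CERT_REVOCATION = NONE

# Fail-open: reject a certificate that appears in a CRL, but accept the
# connection when no CRL for the issuing CA can be found.
# SSL_CERT_REVOCATION = REQUESTED

# Fail-closed: reject a revoked certificate AND reject the connection
# when no CRL for the issuing CA can be found.
SSL_CERT_REVOCATION = REQUIRED

# Local file system locations searched for CRLs.
# Directory holding one CRL per CA (placeholder path):
SSL_CRL_PATH = /u01/app/oracle/wallets/crl
# Alternatively, a single file with the CRLs of several CAs (placeholder path):
# SSL_CRL_FILE = /u01/app/oracle/wallets/crl/ca_crls.pem
```

With REQUIRED, a missing or unreachable CRL blocks every SSL login that depends on it, so CRL refresh needs to be scheduled and monitored before this setting is enabled.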

Get the complete story:

The above text is an excerpt from "Oracle Database 10g New Features: Reference for Advanced Tuning and Administration", by Rampant TechPress. Written by top Oracle experts, this book has a complete online code depot with ready-to-use scripts.

Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.