Call for Oracle support & training (800) 766-1884
Free Oracle Tips

Corporate Oracle Training
Custom Oracle Training
Oracle New Features Training
Advanced Oracle DBA Classes
Oracle Tuning Courses
Oracle Tips & Tricks
Oracle Training Links
Oracle Training Links
Oracle Training Links

We are top for USA Oracle Training Clients


Free Oracle Tips


Free Oracle App Server Tips


Oracle support

Oracle training

Oracle tuning


Remote Oracle

Custom Oracle Training


  Oracle Tips by Burleson

Oracle 10g CRL Distribution Point

When the CA specifies a location in the CRL Distribution Point (CRL DP) X.509 version 3(certificate extension when the certificate is issued), then the appropriate CRL that contains revocation information for that certificate is downloaded. Currently, Oracle Advanced Security supports the ability to download CRLs over HTTP and LDAP.

Turning On CRL Processing

In order to turn on CRL processing, the ssl_cert_revocation parameter must be set to REQUIRED or REQUESTED in the sqlnet.ora  file to enable certificate revocation status checking. The certificate revocation status is checked against CRLs that are located in one of three possible places:

  • File system directories

  • Oracle Internet Directory,

  • Downloaded from the location specified in the CRL Distribution Point (CRL DP) extension on the certificate.

If no location is specified, the system checks in the CRL subtree of Oracle Internet Directory. By default the ssl_cert_revocation parameter is set to NONE, indicating that all certificate revocation status checking is turned off. The default is set this way for backward compatibility.

If you need to store CRLs on your local file system or in the Oracle Internet Directory, then you must use the command line tool, orapki to download the CRLs to your file system or upload them to the directory.

You can use orapki to perform the following tasks:

  • Rename CRL files so orapki can index them

  • Upload CRLs to an LDAP directory

  • List CRLs in an LDAP directory

  • View downloaded CRLs

As of, there is no documentation on orapki, except for some cryptic help entries and a non-functional command line Java wrapper program

The first attempt to run orapki had the JRE command line in the wrapper script pointing to a non-existent directory. This was corrected by taking out the lower case "jre" in the path. Specifying "orapki help" resulted in nothing except:

oracle@aultlin3 oracle] $ orapki help
orapki [crl|help]

Get the complete story:

The above text is an excerpt from "Oracle Database 10g New Features: Reference for Advanced Tuning and Administration", by Rampant TechPress.  Written by top Oracle experts, this book has a complete online code deport with ready to use scripts. 

To get the code instantly, click here:

Need an Oracle Mentor?

BEI is now offering personal mentors for Oracle DBAs where you can have an Oracle expert right at your fingertips, anytime day or night. We work with hundreds of Oracle databases every year, so we know exactly how to quickly assist you with any Oracle question.

Why risk an unplanned outage? You can now get telephone access to Don Burleson or any of his Oracle Certified DBAs with more than 20 years of full-time IT experience. Click here for details:


Oracle performance tuning book



Oracle performance tuning software

Oracle performance tuning software
Oracle performance Tuning 10g reference poster
Oracle training in Linux commands
Oracle training Excel


email BC:

Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.