||Oracle Tips by Burleson
Oracle 10g Enabling Certificate Revocation Status
Checking on the Client
You would use the following procedure to enable
CRL checking on the client side:
Start the oracle Net Manager GUI, go to the
SSL tab of the Oracle Advanced Security window, and select
Configure SSL for: Client.
Select one of the following options from
the Revocation Check list. Specifying a value for this field
outs the ssl_cert_revocation parameter in the sqlnet.ora file.
The values allowed are:
REQUIRED -- Setting the field to
REQUIRED mandates certificate revocation status checking.
The SSL connection will be rejected if a certificate is
revoked or no CRL is found. In REQUIRED mode, SSL
connections are accepted only if it can be verified that the
certificate has not been revoked.
REQUESTED -- Setting the field to
REQUESTED performs certificate revocation status checking if
a CRL is available. The SSL connection is rejected only if a
certificate is revoked. SSL connections are accepted if
either no CRL is found or the certificate has not been
Setting the ssl_cert_revocation
parameter to either REQUIRED or REQUESTED will enable
certificate revocation status checking. By default, the
system searches for CRLs first in the local file system,
then Oracle Internet Directory, and finally in the
certificate’s CRL DP extension.
Choose File > Save Network Configuration.
The sqlnet.ora file is updated with the appropriate value for
Get the complete story:
To get the code instantly, click here:
Need an Oracle Mentor?
BEI is now offering personal mentors for Oracle DBAs where you can have an
Oracle expert right at your fingertips, anytime day or night. We work with
hundreds of Oracle databases every year, so we know exactly how to quickly
assist you with any Oracle question.
Why risk an unplanned outage? You can now get telephone access to Don
Burleson or any of his Oracle Certified DBAs with more than 20 years of
full-time IT experience. Click here for details: