User Guide
Certificate Validation with Certificate Revocation Lists
Configuring Secure Sockets Layer Authentication
permission to add CRLs to the CRL subtree, and wallet_location is the location
of a wallet that contains the certificate of the CA that issued the CRL.
The -wallet and -summary options are optional. Specifying -wallet causes the tool to
verify the validity of the CRL against the CA's certificate prior to uploading it to the
directory. Specifying -summary causes the tool to print the CRL issuer's
name and the LDAP entry where the CRL is stored in the directory.
Listing CRLs Stored in Oracle Internet Directory
You can display a list of all CRLs stored in the directory with orapki, which is
useful for browsing to locate a particular CRL to view or download to your local
system. This command displays the CA that issued the CRL (Issuer) and its
location (DN) in the CRL subtree of your directory.
To list CRLs in Oracle Internet Directory, enter the following at the command line:
orapki crl list -ldap hostname:ssl_port
where hostname and ssl_port are the host name and SSL port of the system on which
your directory is installed. Note that this is the directory SSL port with no
authentication, as described in the preceding section.
Viewing CRLs in Oracle Internet Directory
You can view specific CRLs that are stored in Oracle Internet Directory in a
summarized format or you can request a complete listing of revoked certificates for
the specified CRL. A summary listing provides the CRL issuer's name and its
validity period. A complete listing provides a list of all revoked certificates
contained in the CRL.
To view a summary listing of a CRL in Oracle Internet Directory, enter the
Note:
■ The orapki utility will prompt you for the directory password
when you perform this operation.
■ Ensure that you specify the directory SSL port on which the
Diffie-Hellman-based SSL server is running. This is the SSL
port that does not perform authentication. Neither the server
authentication nor the mutual authentication SSL ports are
supported by the orapki utility.










