Oracle HTTP Server Allows Revoked Client Certificates Access When Client Certificate Are Revoked By And CRL Issued By a Different SubCA
(Doc ID 1559703.1)
Last updated on JUNE 30, 2022
Oracle HTTP Server - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
- Trying to configure Oracle HTTP Server (OHS) for Certificate Revocation List (CRL) checking by following <Note 1269633.1> How to Configure CRL Checking in Oracle HTTP Server in FMW 11g (11.1.1.X)
- When accessing with a revoked certificate OHS is still allowing access when it should not
- The same problem occurs with either SSLCARevocationFile or SSLCARevocationPath
- With trace_level_server=16 set in the $ORACLE_HOME/network/admin/sqlnet.ora the resulting Net trace suggests that the CRL is not being read:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.