Oracle HTTP Server Allows Revoked Client Certificates Access When Client Certificate Are Revoked By And CRL Issued By a Different SubCA
(Doc ID 1559703.1)
Last updated on JUNE 29, 2021
Oracle HTTP Server - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
- Trying to configure Oracle HTTP Server (OHS) for Certificate Revocation List (CRL) checking by following <Note 1269633.1> How to Configure CRL Checking in Oracle HTTP Server in FMW 11g (11.1.1.X)
- When accessing with a revoked certificate OHS is still allowing access when it should not
- The same problem occurs with either SSLCARevocationFile or SSLCARevocationPath
- With trace_level_server=16 set in the $ORACLE_HOME/network/admin/sqlnet.ora the resulting Net trace suggests that the CRL is not being read:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.