Oracle HTTP Server Allows Revoked Client Certificates Access When Client Certificates Are Revoked By a CRL Issued By a Different SubCA
(Doc ID 1559703.1)
Last updated on JULY 03, 2023
Applies to:
Oracle HTTP Server - Version 11.1.1.0.0 and later
Information in this document applies to any platform.
Symptoms
Trying to configure Oracle HTTP Server (OHS) for Certificate Revocation List (CRL) checking by following <Note 1269633.1> How to Configure CRL Checking in Oracle HTTP Server in FMW 11g (11.1.1.X).
When accessing with a revoked certificate, OHS still allows access when it should not.
The same problem occurs with either SSLCARevocationFile or SSLCARevocationPath.
With trace_level_server=16 set in $ORACLE_HOME/network/admin/sqlnet.ora, the resulting Net trace suggests that the CRL is not being read:
Changes
Cause