My Oracle Support Banner

FAQs on Oracle JDK and Support of CRL and OCSP (Doc ID 2959864.1)

Last updated on JULY 20, 2023

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.

Purpose

Certificate Revocation Lists (CRLs) make known any certificates and keys that clients and servers should no longer trust. If data in a certificate changes (for example, a user changes offices or leaves the organization before the certificate expires) the certificate is revoked, and its data appears in a CRL. CRLs are produced and periodically updated by a Certificate Authority (CA).

The purpose of this document is to provide brief answers to commonly asked questions about CRLs and Oracle JDK.

Questions and Answers

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Questions and Answers
 1. Does Oracle JDK support CRL?  
 2. Does Oracle JDK support configuring downloaded CRLs or lists of CRL files as input? Does it support downloading the CRL file from CRL Distribution Points (CRLDPs)?
 3. If yes, is the download frequency configurable? Does it support configuring additional CRLDPs, apart from the CRLDP embedded in the certificate? If yes, does the configured CRLDP URL act as a fallback to the missing embedded CRLDPs, or does it override the embedded certificate CRLDPs?
 4. If no CRLDP is configured or found in a certificate, but revocation checks are enabled, what is the behavior? Do TLS handshakes fail? 
 5. Does Oracle JDK support Online Certificate Status Protocol (OCSP) responder URL from peer certificate or explicit configuration or both? From Authority Information Access (AIA), is the explicit property/configuration allowed?
 6. Does Oracle JDK support sending a notification when a TLS handshake fails due to certificate revocation?
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.