11.1 Certificate Validation

The Certificate Validation module is used by the Security Token Service to validate X.509 tokens and to verify whether the certificates have been revoked.

Certificate Revocation List

The Certificate Revocation List (CRL) page lists revoked certificates. Each revoked certificate is listed with a reason, an issue date, and the issuing entity. When a user attempts to access a server, the server allows or denies access based on whether that user's certificate has a CRL entry.

The following table describes the elements in the Certificate Revocation List section of the Certificate Validation page:

Element Description

Actions

Choose options from the menu to perform the following operations:

  • Add - Click Add. In the Add CA CRL dialog box, browse to the CRL file, select it, and click Import.

  • Delete - Select a row in the table and choose Delete. In the confirmation pop-up, click Yes to remove the row or No to retain it.

View

Choose commands from the menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

  • Query By Example - Click to show or hide the filter row, displayed above the column headers, that lets you query on the columns.

Add

Click Add. In the Add CA CRL dialog box, browse to the CRL file, select it, and click Import.

Delete

Select a row in the table and click Delete. In the confirmation pop-up, click Yes to remove the row or No to retain it.

Query By Example

Click to show or hide the filter row, displayed above the column headers, that lets you query on the columns.

Clear All

Click to clear all the entries in the filter row.

Row

Displays the row number.

Issuer

Displays the name of the entity that issued the certificate.

Date Issued

Displays the certificate issue date.

Renewal Date

Displays the proposed date for renewal.

Enabled

Select to enable the Certificate Revocation List functionality.

Apply

Click Apply to save the configuration.

Revert

Click Revert to discard the unsaved changes.
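The allow-or-deny decision the CRL section describes, as an added Go example (not code from Oracle Access Management or its documentation): the program parses a CRL, checks that it is signed by the expected issuer and is still inside its ThisUpdate/NextUpdate window, then looks the presented certificate's serial up and reports the revocation time and reason. The CA, its key, the serial 4242 and the CRL are constructed in memory, and the function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkAgainstCRL allows or denies a certificate with the given serial. The CRL must parse, carry a valid
// signature from the expected issuer and be inside its ThisUpdate/NextUpdate window; otherwise fail closed.
func checkAgainstCRL(serial *big.Int, issuer *x509.Certificate, crlDER []byte, now time.Time) (bool, string) {
	rl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return false, "CRL unparsable: " + err.Error() }
	if err := rl.CheckSignatureFrom(issuer); err != nil { return false, "CRL not signed by the expected issuer" }
	if now.Before(rl.ThisUpdate) || now.After(rl.NextUpdate) { return false, "CRL outside its validity window" }
	for _, e := range rl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(serial) == 0 {
			return false, fmt.Sprintf("revoked at %s, reason code %d", e.RevocationTime.UTC().Format(time.RFC3339), e.ReasonCode)
		}
	}
	return true, "serial not listed in CRL"
}

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v } // fixture-only helper
// buildFixture constructs an in-memory CA (with the cRLSign key usage the signature check requires) and a
// CRL it signs that optionally revokes serial 4242 with reasonCode 1 (keyCompromise). Constructed test data only.
func buildFixture(revoke bool) (ca *x509.Certificate, crlDER []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example STS CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	crl := &x509.RevocationList{Number: big.NewInt(7), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour)}
	if revoke {
		crl.RevokedCertificateEntries = []x509.RevocationListEntry{{SerialNumber: big.NewInt(4242),
			RevocationTime: now.Add(-30 * time.Minute), ReasonCode: 1}}
	}
	return ca, must(x509.CreateRevocationList(rand.Reader, crl, ca, key))
}

func main() {
	ca, crlDER := buildFixture(true)
	fmt.Println(checkAgainstCRL(big.NewInt(4242), ca, crlDER, time.Now())) // prints false and the revocation reason
}
```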

OCSP/CDP

The Online Certificate Status Protocol (OCSP) was developed as an alternative to CRLs. OCSP specifies how a client application that needs the status of a certificate requests it from, and obtains it from, the server that responds to the request. An OCSP responder returns a signed response stating that the certificate specified in the request is good, revoked, or unknown. If the responder cannot process the request, it returns an error code instead.

The CRL Distribution Point (CDP) extension contains information about where the CRLs and OCSP servers are located.

The following table describes the elements in the OCSP/CDP section of the Certificate Validation page:

Element Description

OCSP Enabled

Select to enable OCSP.

OCSP URL

Enter the URL of the OCSP Service.

OCSP Certificate Subject

Enter the Subject DN of the OCSP Service.

CDP Enabled

Select to enable CDP.

Apply

Click to save this configuration.

Revert

Click to discard the unsaved changes.

Related Topics

Managing Common Services and Certificate Validation in Administrator's Guide for Oracle Access Management