11.1 Certificate Validation
The Certificate Validation module is used by the Security Token Service to validate X.509 tokens and to verify whether or not the certificates presented in them have been revoked.
Certificate Revocation List
The Certificate Revocation List (CRL) page lists certificates that have been revoked. Each revoked certificate is listed with a reason, an issue date, and the issuing entity. When a potential user attempts to access a server, the server allows or denies access based on whether the CRL contains an entry for that user's certificate.
The following table describes the elements in the Certificate Revocation List section of the Certificate Validation page:
| Element | Description |
|---|---|
| Actions | Choose options from the menu to perform the following operations: |
| View | Choose commands from the menu to control how the columns are displayed. |
| Add | Click the Add button. In the Add CA CRL dialog box, browse for the CRL file, select it, and click Import. |
| Delete | Select a row in the table and click Delete. In the confirmation pop-up, click Yes to remove the row or No to retain it. |
| | Click to show or hide the filter row, displayed above the column headers, that is used to query on the columns. |
| | Click to clear all the entries in the filter row. |
| Row | Displays the row number. |
| Issuer | Displays the name of the entity that issued the certificate. |
| Date Issued | Displays the certificate issue date. |
| Renewal Date | Displays the proposed date for renewal. |
| Enabled | Select to enable the Certificate Revocation List functionality. |
| Apply | Click Apply to save the configuration. |
| Revert | Click Revert to discard the changes. |
OCSP/CDP
The Online Certificate Status Protocol (OCSP) was developed as an alternative to CRLs. OCSP specifies how a client application that needs the status of a certificate requests it from, and obtains it from, the server (the OCSP responder) that answers such requests. The responder returns a signed response stating that the certificate named in the request is good, revoked, or unknown. If the responder cannot process the request, it returns an error code instead.
The CRL Distribution Point extension (CDP) contains information regarding the location of the CRLs and OCSP servers.
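The following example is added here to show, in working code, the two ideas the CRL section and the CDP paragraph above describe: a relying party that holds an imported CA CRL must check that the CRL is signed by the issuer, that it is still within its validity window, and only then look the certificate's serial number up and read the revocation reason; and a certificate carries a CRL Distribution Points extension telling relying parties where to fetch that CRL. It is not code from Oracle Access Management or from this documentation; it uses only the Go standard library, and the CA, the two user certificates, the serial numbers, the CDP URL (`http://crl.example.test/ca.crl`) and the names `issue`, `CheckAgainstCRL`, `RunDemo` and `Demo` are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLStatus is the outcome of looking one certificate up in a CRL.
type CRLStatus struct {
	Revoked bool
	Reason  int // CRLReason from the entry (1 = keyCompromise); 0 when absent
}

// must is a setup helper: a failure here is a bug in the demo, not a validation result.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a certificate signed by parent, or self-signed when parent is nil (constructed PKI).
func issue(serial int64, cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		// CDP extension: where relying parties fetch this CA's CRL (constructed placeholder, not a real service).
		CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"},
	}
	if isCA { // crlSign is what entitles the CA certificate to vouch for its CRLs
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// CheckAgainstCRL does what a validation service does with an imported CA CRL: verify the
// CRL's signature against the issuer, refuse stale data, then look up the serial number.
func CheckAgainstCRL(cert, issuer *x509.Certificate, crlDER []byte, now time.Time) (CRLStatus, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return CRLStatus{}, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return CRLStatus{}, fmt.Errorf("CRL signature: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return CRLStatus{}, errors.New("CRL is outside its validity window; not a basis for a decision")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return CRLStatus{Revoked: true, Reason: e.ReasonCode}, nil
		}
	}
	return CRLStatus{}, nil // serial not listed: not revoked as of this CRL
}

type Demo struct {
	Revoked, Good CRLStatus
	StaleErr      error    // result of checking after NextUpdate has passed
	CDP           []string // CRL Distribution Points carried in the leaf certificate
}

// RunDemo builds a constructed CA, two leaf certificates and a CRL that revokes the
// first one with reason keyCompromise, then runs CheckAgainstCRL over them.
func RunDemo() Demo {
	ca, caKey := issue(1, "Example Issuing CA (constructed)", true, nil, nil)
	alice, _ := issue(1001, "alice@example.test", false, ca, caKey)
	bob, _ := issue(1002, "bob@example.test", false, ca, caKey)
	now := time.Now()
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:     big.NewInt(7),
		ThisUpdate: now.Add(-time.Minute),
		NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{
			{SerialNumber: alice.SerialNumber, RevocationTime: now.Add(-time.Minute), ReasonCode: 1},
		},
	}, ca, caKey))
	d := Demo{CDP: bob.CRLDistributionPoints}
	d.Revoked = must(CheckAgainstCRL(alice, ca, crlDER, now))
	d.Good = must(CheckAgainstCRL(bob, ca, crlDER, now))
	_, d.StaleErr = CheckAgainstCRL(bob, ca, crlDER, now.Add(48*time.Hour)) // NextUpdate has passed
	return d
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Running it prints Alice's certificate as revoked with reason code 1, Bob's as not revoked, and an error for the check performed after the CRL's NextUpdate: a validation service that kept answering from an expired CRL would silently stop noticing new revocations, which is why the Enabled flag and a current imported CRL matter together. The `x509.RevocationListEntry` type used for the reason code requires Go 1.21 or later.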
The following table describes the elements in the OCSP/CDP section of the Certificate Validation page:
| Element | Description |
|---|---|
| OCSP Enabled | Select to enable OCSP. |
| OCSP URL | Enter the URL of the OCSP service. |
| OCSP Certificate Subject | Enter the Subject DN of the OCSP service. |
| CDP Enabled | Select to enable CDP. |
| Apply | Click to save this configuration. |
| Revert | Click to discard the changes. |
Related Topics
Managing Common Services and Certificate Validation in Administrator's Guide for Oracle Access Management