Use this page to specify whether expired certificates can be revoked. Note: When enabled, this policy applies to all certificate revocation requests from both clients and servers. To provide different limits for certificate revocation requests from particular DNs, use predicates as described in the following section.
You can modify the following parameters and restrictions for this policy:
allow revocation of expired certificates
Check this parameter to turn it on. When checked, expired certificates can be revoked, and when unchecked they cannot. By default this parameter is checked.
Predicate expressions are optional, altering application of this policy when an incoming request matches a predicate expression. A policy with no predicates applies to all requests. For example, the following predicate expression specifies that client certificates from the United Kingdom Acme Company sales department (ou=sales,o=acme,c=uk) are subject to the parameter setting chosen for this predicate:
Type=="client" AND DN=="ou=sales,o=acme,c=uk"
For detailed information about predicate expression syntax, see the Oracle Certificate Authority Administrator's Guide.
The buttons at the bottom of the page perform the functions described in the following table:
|
Button Name |
Function Description |
|---|---|
|
Revert |
Click this button to reset all changed parameters and predicates to their previous values. |
|
Apply |
Click this button to apply any changes made to this page. |
|
Cancel |
Click this button to cancel any changes made to this page and return to the main Policy page. |
|
OK |
Click this button to return to the main Policy page. Any changes made to this page are automatically saved. |