Appendix D: Differences between IBM and Oracle versions of CertPath
The IBM® CertPath classes differ from the Oracle version in the following ways:
- The IBM CertPath provider is in the package com.ibm.security.cert.
- The IBM CertPath provider is called IBMCertPath. Oracle does not have a separate provider for CertPath.
- To enable CRL Distribution Points extension checking, use the system property com.ibm.security.enableCRLDP. The system property used by the Oracle version is com.sun.security.enableCRLDP.
- When checking the CRL Distribution Points extension of the certificate, the Oracle CertPath provider retrieves the CRL only if the CRL location is specified as an HTTP URL value inside the extension. The IBM provider recognizes both HTTP and LDAP URLs.
- The IBM implementation of CertPath supports the processing of both complete CRLs and delta CRLs. Setting the com.ibm.security.enableDELTACRL system property to true enables the use of both delta CRLs and complete CRLs if revocation checking is enabled by the caller. If com.ibm.security.enableDELTACRL is set to false, or is not set, only complete CRLs are used.