Appendix D: Differences between IBM and Oracle versions of CertPath

The IBM® CertPath classes differ from the Oracle version in the following ways:

  • The IBM CertPath provider is in the package
  • The IBM CertPath provider is called IBMCertPath. Oracle does not have a separate provider for CertPath.
  • To enable CRL Distribution Points extension checking, use the system property The system property used by the Oracle version is
  • When checking the CRL Distribution Points extension of the certificate, the Oracle CertPath provider retrieves the CRL only if the CRL location is specified as an HTTP URL value inside the extension. The IBM provider recognizes both HTTP and LDAP URLs.
  • The IBM implementation of CertPath supports the processing of both complete CRLs and delta CRLs. Setting the system property to true enables the use of both delta CRLs and complete CRLs if revocation checking is enabled by the caller. If is set to false, or is not set, only complete CRLs are used.