Apply Revocation Checking policy

book

Article ID: 74990

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

For using SSL/TLS connections to backend servers, corresponding certificates have to be installed with the Policy Manager.
CA API Gateway doesn't check certificate revocation by default but you can enable it by defining a revocation checking policy for CRL or OCSP.

Which certificate is validated with the selected Revocation checking policy? Should we set a revocation checking policy to the certificate itself or its issuer CA certificate?

Environment

Release:
Component: APIGTW

Resolution

The revocation checking policy should be set to the issuer CA certificate. The policy is used with the certificate for validating the certificates issued by the CA.
For example, server certificates aren't imported to the CA API Gateway. The revocation checking policy for their issuer CA certificate is used for validating them.