Apply Revocation Checking policy

Article ID: 74990

Products

CA API Gateway

Issue/Introduction

To use SSL/TLS connections to backend servers, the corresponding certificates have to be installed with the Policy Manager.
CA API Gateway doesn't check certificate revocation by default, but you can enable it by defining a revocation checking policy that uses CRL or OCSP.

Which certificate is validated with the selected revocation checking policy? Should the revocation checking policy be set on the certificate itself or on its issuer CA certificate?

Environment

All supported versions of the CA API Gateway

Resolution

The revocation checking policy should be set on the issuer CA certificate. The policy attached to a CA certificate is used to validate the certificates issued by that CA.
For example, server certificates aren't imported into the CA API Gateway. The revocation checking policy of their issuer CA certificate is used to validate them.
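
The same relationship shown with plain `openssl` rather than the Gateway (an added example, not CA API Gateway code or configuration; the demo CA, host name and file names are constructed): the CRL is signed by the issuer CA, so the verifier needs only the CA certificate and that CA's CRL to accept or reject a server certificate it never imported.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every subject, host name and file below is made up.

as_issuer() {   # run "openssl ca" as the demo issuer CA (cwd = demo directory)
  openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key "$@" 2>/dev/null
}

build_demo_pki() (   # $1 = empty directory; the body runs in a subshell
  cd "$1" || exit 1
  printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
    'serial = serial' 'new_certs_dir = .' 'default_md = sha256' \
    'default_days = 30' 'default_crl_days = 7' 'policy = pol' \
    '[pol]' 'commonName = supplied' > ca.cnf
  : > index.txt; echo 01 > serial
  # Issuer CA certificate: the only certificate the verifier is given to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo Issuer CA" -days 30 2>/dev/null || exit 1
  # Backend server certificate issued by that CA; it is never "imported".
  openssl req -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
    -subj "/CN=backend.example.test" 2>/dev/null || exit 1
  as_issuer -in srv.csr -out srv.pem -notext || exit 1
  as_issuer -gencrl -out crl.pem          # the CRL is signed by the issuer CA
)

revoke_backend_cert() (   # the issuer revokes the server cert and republishes
  cd "$1" || exit 1
  as_issuer -revoke srv.pem && as_issuer -gencrl -out crl.pem
)

crl_issuer() ( cd "$1" && openssl crl -in crl.pem -noout -issuer )

check_backend_cert() (   # prints good, revoked or error
  cd "$1" || exit 1
  # Inputs: issuer CA cert + that CA's CRL; the server cert is only the subject.
  out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem srv.pem 2>&1)
  case "$out" in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*)                echo good ;;
    *)                       echo error ;;
  esac
)

d=$(mktemp -d)
build_demo_pki "$d"
echo "CRL issuer:        $(crl_issuer "$d")"
echo "before revocation: $(check_backend_cert "$d")"
revoke_backend_cert "$d"
echo "after revocation:  $(check_backend_cert "$d")"
rm -rf "$d"
```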