For using SSL/TLS connections to backend servers, corresponding certificates have to be installed with the Policy Manager.
CA API Gateway doesn't check certificate revocation by default but you can enable it by defining a revocation checking policy for CRL or OCSP.
Which certificate is validated with the selected Revocation checking policy? Should we set a revocation checking policy to the certificate itself or its issuer CA certificate?