Apply Revocation Checking policy
search cancel

Apply Revocation Checking policy


Article ID: 74990


Updated On:


CA API Gateway


For using SSL/TLS connections to backend servers, corresponding certificates have to be installed with the Policy Manager.
CA API Gateway doesn't check certificate revocation by default but you can enable it by defining a revocation checking policy for CRL or OCSP.

Which certificate is validated with the selected Revocation checking policy? Should we set a revocation checking policy to the certificate itself or its issuer CA certificate?


All supported versions of the CA API Gateway


The revocation checking policy should be set to the issuer CA certificate. The policy is used with the certificate for validating the certificates issued by the CA.
For example, server certificates aren't imported to the CA API Gateway. The revocation checking policy for their issuer CA certificate is used for validating them.