
How to set certificate CRL check when BW acts as a server and not check when acts as a client



We have the following flow:

External client with digicert --> BW --> Aws load balancer with ACM private CA cert

BW acts as a server to "External client" and acts as a client to AWS load balancer.

ACM cert's CRL distribution endpoint is removed as per requirement.

BW should validate CRL for External client's certificate. But BW should bypass CRL check on ACM cert since it doesn't have CRL distribution endpoint.

We have the following settings:

java.property.com.sun.security.enableCRLDP=true

java.property.com.tibco.security.NoExplicitCAChain=true

java.property.com.tibco.security.CheckRevocation=true

java.property.com.sun.net.ssl.CheckRevocation=true

It fails with "final verification failed: java.security.cert.CertPathValidatorException: Could not determine revocation status"

How to configure BW so that it will check CRL on External client cert but not on ACM cert?
