
How to set certificate CRL check when BW acts as a server and not check when acts as a client


Justin Jeyakumar 2


We have the following flow:

External client with digicert --> BW --> Aws load balancer with ACM private CA cert

BW acts as a server to "External client" and acts as a client to AWS load balancer.

ACM cert's CRL distribution endpoint is removed as per requirement.

BW should validate CRL for External client's certificate. But BW should bypass CRL check on ACM cert since it doesn't have CRL distribution endpoint.

We have the following settings:

java.property.com.sun.security.enableCRLDP=true

java.property.com.tibco.security.NoExplicitCAChain=true

java.property.com.tibco.security.CheckRevocation=true

java.property.com.sun.net.ssl.CheckRevocation=true

It fails with "final verification failed: java.security.cert.CertPathValidatorException: Could not determine revocation status"

How do we configure BW so that it will check the CRL on the External client cert but not on the ACM cert?
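As an added illustration in plain JSSE (not TIBCO BW configuration and not code from this thread), the sketch below shows how a Java process can hold two trust managers with different revocation policies: CRL checking enforced for inbound client certificates and switched off for the outbound connection to the private-CA endpoint. The class name, the truststore files passed as arguments and the shared password are assumptions; whether BW exposes an equivalent per-resource setting is not stated on this page.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.EnumSet;
import javax.net.ssl.*;

public class PerDirectionRevocation {

    // Trust managers built from explicit PKIX parameters, so each one carries
    // its own revocation setting instead of sharing a single JVM-wide switch.
    static TrustManager[] trustManagers(KeyStore anchors, boolean checkCrl) throws Exception {
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(anchors, new X509CertSelector());
        params.setRevocationEnabled(checkCrl);
        if (checkCrl) {
            PKIXRevocationChecker rc = (PKIXRevocationChecker)
                    CertPathBuilder.getInstance("PKIX").getRevocationChecker();
            // CRL only, no OCSP fallback; an unobtainable CRL fails validation.
            rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS,
                                     PKIXRevocationChecker.Option.NO_FALLBACK));
            params.addCertPathChecker(rc);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf.getTrustManagers();
    }

    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    // args: <client-CA truststore> <private-CA truststore> <password> (hypothetical files)
    public static void main(String[] args) throws Exception {
        // Needed for the JDK to fetch CRLs named in a certificate's CRLDP extension.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        char[] pw = args[2].toCharArray();

        // Key managers are left null for brevity; a real server context needs them.
        SSLContext inbound = SSLContext.getInstance("TLS");   // BW-as-server side: CRL enforced
        inbound.init(null, trustManagers(load(args[0], pw), true), null);

        SSLContext outbound = SSLContext.getInstance("TLS");  // BW-as-client side: no revocation
        outbound.init(null, trustManagers(load(args[1], pw), false), null);

        System.out.println("inbound and outbound contexts built with separate policies");
    }
}
```

Keeping the two trust stores separate also means the private CA is never accepted as an issuer of inbound client certificates.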
