Apply Revocation Checking policy

Document ID : KB000074990
Last Modified Date : 28/05/2018
Show Technical Document Details
Introduction:
For using SSL/TLS connections to backend servers, corresponding certificates have to be installed with the Policy Manager.
CA API Gateway doesn't check certificate revocation by default but you can enable it by defining a revocation checking policy for CRL or OCSP.
Question:
Which certificate is validated with the selected Revocation checking policy? Should we set a revocation checking policy to the certificate itself or its issuer CA certificate?
Answer:
The revocation checking policy should be set to the issuer CA certificate. The policy is used with the certificate for validating the certificates issued by the CA.
For example, server certificates aren't imported to the CA API Gateway. The revocation checking policy for their issuer CA certificate is used for validating them.