Verify certificate revocation

Release version: Australia

Updated March 12, 2026

1 minute to read

The com.glide.communications.httpclient.verify_revoked_certificate property checks certificate revocation during the Transport Layer Security (TLS) handshake to ensure that security checks are not bypassed.

If the com.glide.communications.httpclient.verify_revoked_certificate system property isn't configured to the recommended value of true, certificate revocation checks will be skipped during the TLS handshake.

Ensure the property com.glide.communications.httpclient.verify_revoked_certificate is set to true.

More information


Attribute	Description
Configuration name	com.glide.communications.httpclient.verify_revoked_certificate
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	true
Category	Communications
Security risk	Severity score: 6.5 CVSS score: Medium Security risk details: This omission undermines a critical security control, potentially allowing an attacker to use a revoked certificate without detection. As a result, it compromises the integrity of the Public Key Infrastructure (PKI) and the trust model that underpins secure web communications.
Dependencies and prerequisites	None
Functional impact	This property should be set to true to ensure that a Transport Layer Security (TLS) session is started with an authentic endpoint. If this property is set to false, then the certificate is not checked, which could compromise the security of the instance.