Revoked certificate verification

  • Release version: Washingtondc
  • Updated February 1, 2024
  • Use this property to disable the certificate verification process that evaluates all certificates in the certificate chain by checking their revocation status.

    API calls that use the High Security plugin may need this property configured. If the full certificate chain is not defined in the instance trust store, or the certificates used may not be compatible with an OCSP (Online Certificate Status Protocol) revocation check, errors may be returned to the API calls.

    The certificate revocation check can be turned off by setting property com.glide.communications.httpclient.verify_revoked_certificate to false.

    Errors associated with an inability to make the check are NPE, SSLPeerUnverifiedException, and CertPathValidatorException. These errors may be wrapped in an HttpException. Several factors can affect the ability to complete the check successfully:

    • The URI must be accessible to the instance. Note that the original OCSP implementation may not have access to a proxied connection.
    • The referrer OCSP service must be online when the check is made.
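
    The two factors above can be checked per certificate before the property is set to false. The following bash script is an added example, not ServiceNow code: it uses the openssl and curl command-line tools to report, for each certificate in a PEM bundle, whether it carries an OCSP responder URI and whether that URI answers. The script name, function names and the bundle file chain.pem are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not ServiceNow code). Usage: ./ocsp_triage.sh chain.pem
# chain.pem (assumed name) is a PEM bundle, leaf first, exported from the
# endpoint the API call targets.

# Write each certificate of bundle $1 to $2/certNN.pem; print how many were found.
split_chain() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
    END                           { print n + 0 }' "$1"
}

# Print the OCSP responder URI from the Authority Information Access extension
# (empty output when the certificate has none).
ocsp_uri() { openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null; }

# Name-based heuristic only: subject hash equals issuer hash.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Classify one certificate file: ocsp-uri=<uri>, self-signed, or no-ocsp-uri.
classify_cert() {
  local uri
  uri=$(ocsp_uri "$1")
  if [ -n "$uri" ]; then echo "ocsp-uri=$uri"
  elif is_self_signed "$1"; then echo "self-signed"
  else echo "no-ocsp-uri"   # an OCSP check cannot be made for this certificate
  fi
}

# Succeeds if any HTTP response comes back from the responder within 5 seconds.
responder_reachable() { curl -s -o /dev/null --max-time 5 "$1"; }

if [ $# -ge 1 ]; then
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  split_chain "$1" "$tmp" >/dev/null
  for c in "$tmp"/cert*.pem; do
    verdict=$(classify_cert "$c")
    case $verdict in
      ocsp-uri=*) responder_reachable "${verdict#ocsp-uri=}" \
                    && verdict="$verdict (responder answered)" \
                    || verdict="$verdict (responder unreachable from this host)" ;;
    esac
    printf '%s -> %s\n' "$(openssl x509 -in "$c" -noout -subject)" "$verdict"
  done
fi
```

    The reachability probe runs from the host where the script is executed, so a responder that answers there may still be inaccessible to the instance, for example behind a proxy.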

    More information

    | Attribute | Description |
    |---|---|
    | Property name | com.glide.communications.httpclient.verify_revoked_certificate |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Configure in Instance Security Center | Yes |
    | Purpose | Disable the certificate verification process that evaluates all certificates in the certificate chain by checking the revocation status. Only a self-signed server certificate would need to be loaded into the instance trust store. |
    | Type | true or false |
    | Default value | true |
    | Recommended value | true |
    | Functional impact | Medium |
    | Security risk | Medium. API calls using the High Security plugin will not be verified using an OCSP revocation check in the instance trust store. |
    References

    Certificates

    To learn more about adding or creating a system property, see Add a system property.