Page History
...
- If you have never started WSO2 Identity Server before, the configurations should be made on the
certificate-validation.xml
file. - If you have started WSO2 Identity Server at leasts once, the configurations should be made on the registry parameters.
Disabling Certificate Validation
...
in an Unstarted WSO2 IS Pack
Follow the steps below to disable certificate validation if WSO2 Identity Server was never started.
- Open the
certificate-validation.xml
file in the<IS_HOME>/repository/conf/security
repository. - Disable certificate validation.
- To disable CRL-based certificate validation, set the
enable
sub-parameter of theorg.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator
validator, tofalse
. - To disable OCSP-based certificate validation, set the
enable
sub-parameter of theorg.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidato
validator, tofalse
.
Example:
Code Block <?xml version="1.0" encoding="ISO-8859-1"?> <CertificateValidation xmlns="http://wso2.org/projects/carbon/certificate-validation.xml"> <Validators> <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator" displayName="CRLValidator" enable="false"> <Parameter name="priority">1</Parameter> <Parameter name="fullChainValidation">true</Parameter> <Parameter name="retryCount">2</Parameter> </Validator> <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidator" displayName="OCSPValidator" enable="false"> <Parameter name="priority">2</Parameter> <Parameter name="fullChainValidation">true</Parameter> <Parameter name="retryCount">1</Parameter> </Validator> </Validators> </CertificateValidation>
- To disable CRL-based certificate validation, set the
Disabling Certificate Validation
...
in a Started WSO2 IS Pack
Follow the steps below to disable certificate validation if WSO2 Identity Server was started before.
...
Overview
Content Tools
Activity