Page History
...
- If you have never started WSO2 Identity Server before, the configurations should be made on the
certificate-validation.xmlfile. - If you have started WSO2 Identity Server at leasts once, the configurations should be made on the registry parameters.
Disabling Certificate Validation
...
in an Unstarted WSO2 IS Pack
Follow the steps below to disable certificate validation if WSO2 Identity Server was never started.
- Open the
certificate-validation.xmlfile in the<IS_HOME>/repository/conf/securityrepository. - Disable certificate validation.
- To disable CRL-based certificate validation, set the
enablesub-parameter of theorg.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidatorvalidator, tofalse. - To disable OCSP-based certificate validation, set the
enablesub-parameter of theorg.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidatovalidator, tofalse.
Example:
Code Block <?xml version="1.0" encoding="ISO-8859-1"?> <CertificateValidation xmlns="http://wso2.org/projects/carbon/certificate-validation.xml"> <Validators> <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator" displayName="CRLValidator" enable="false"> <Parameter name="priority">1</Parameter> <Parameter name="fullChainValidation">true</Parameter> <Parameter name="retryCount">2</Parameter> </Validator> <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidator" displayName="OCSPValidator" enable="false"> <Parameter name="priority">2</Parameter> <Parameter name="fullChainValidation">true</Parameter> <Parameter name="retryCount">1</Parameter> </Validator> </Validators> </CertificateValidation> - To disable CRL-based certificate validation, set the
Disabling Certificate Validation
...
in a Started WSO2 IS Pack
Follow the steps below to disable certificate validation if WSO2 Identity Server was started before.
...
Overview
Content Tools
Activity