Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • If you have never started WSO2 Identity Server before, the configurations should be made on the certificate-validation.xml file.
  • If you have started WSO2 Identity Server at leasts once, the configurations should be made on the registry parameters.   

Disabling Certificate Validation

...

in an Unstarted WSO2 IS Pack

Follow the steps below to disable certificate validation if WSO2 Identity Server was never started.

  1. Open the certificate-validation.xml file in the <IS_HOME>/repository/conf/security repository.
  2. Disable certificate validation.
    1. To disable CRL-based certificate validation, set the enable sub-parameter of the org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator validator, to false.
    2. To disable OCSP-based certificate validation, set the enable sub-parameter of the org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidato validator, to false.

    Example:

    Code Block
    <?xml version="1.0" encoding="ISO-8859-1"?> <CertificateValidation xmlns="http://wso2.org/projects/carbon/certificate-validation.xml">
     <Validators>
     <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator" displayName="CRLValidator" enable="false">
                     <Parameter name="priority">1</Parameter>
                     <Parameter name="fullChainValidation">true</Parameter>
                     <Parameter name="retryCount">2</Parameter>
        </Validator>
        <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidator" displayName="OCSPValidator" enable="false">
                     <Parameter name="priority">2</Parameter>
                     <Parameter name="fullChainValidation">true</Parameter>
                     <Parameter name="retryCount">1</Parameter>
        </Validator>
    </Validators>
    </CertificateValidation>

Disabling Certificate Validation

...

in a Started WSO2 IS Pack

Follow the steps below to disable certificate validation if WSO2 Identity Server was started before.

...