Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open the certificate-validation.xml file in the <IS_HOME>/repository/conf/security repository.
  2. Disable certificate validation.
    1. To disable CRL-based certificate validation, set the enable sub-parameter of the org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator validator, to false.
    2. To disable OCSP-based certificate validation, set the enable sub-parameter of the org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidato validator, to false.

    Example:

    Code Block
    <?xml version="1.0" encoding="ISO-8859-1"?> <CertificateValidation xmlns="http://wso2.org/projects/carbon/certificate-validation.xml">
     <Validators>
     <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.CRLValidator" displayName="CRLValidator" enable="false">
                     <Parameter name="priority">1</Parameter>
                     <Parameter name="fullChainValidation">true</Parameter>
                     <Parameter name="retryCount">2</Parameter>
        </Validator>
        <Validator name="org.wso2.carbon.identity.x509Certificate.validation.validator.OCSPValidator" displayName="OCSPValidator" enable="false">
                     <Parameter name="priority">2</Parameter>
                     <Parameter name="fullChainValidation">true</Parameter>
                     <Parameter name="retryCount">1</Parameter>
        </Validator>
    </Validators>
    </CertificateValidation>

Disabling Certificate Validation in

...

an Already-started WSO2 IS Pack

Follow the steps below to disable certificate validation if WSO2 Identity Server was started before.

...