Validating a certificate

When you have configured certificate-based authentication for a realm on your Remedy Single Sign-On server, you can validate the certificate.

Before you begin

If you plan to validate a custom CA certificate, you must have it imported to a truststore on the Remedy SSO server. For information about importing a CA certificate, see Configuring the Tomcat server for certificate-based authentication.

To validate a certificate on the Remedy SSO server 

1. In the left navigation panel of the Edit Realm page, select Authentication.

2. Select the Enable Validation check box to validate the client certificate chain against the truststore.

3. In the Trusted Certificates field,  specify a certificate type that you would like to validate:
   
   • Default 
   • Custom—If you use this option, you must additionally complete the following fields:
     • Truststore File—Name or path of the truststore file. 
     • Truststore Password—Password for the truststore file. 

4. (Optional) To enable OCSP check, select Enable OCSP check box, and then enter the custom OCSP responder URI in the OCSP Responder URL field.

   Note

   If you do not provide any OCSP responder URI, the system uses the OCSP responder URL that is specified in the certificate.

5. (Optional) To enable CRL check, select Enable CRL check box, and then enter the custom CRL DP URI in the CRL DP URL field. You can provide a HTTP URI.
6. (Optional) To enable OCSP and  CRL validation to be carried out only for an end-entity certificate,  select the OCSP/CRL Check On End-Entity Only check box.
7. Click Save.