This documentation supports the 24.2 and consecutive patch versions of BMC Helix Single Sign-On. To view an earlier version, select the version from the Product version menu.

Validating a certificate


When you have configured certificate-based authentication for a realm on your BMC Helix Single Sign-On server, you can validate the certificate.

Before you begin

If you plan to validate a custom CA certificate, you must first import it into a truststore on the BMC Helix SSO server.

To validate a certificate on the BMC Helix SSO server

  1. In the left navigation panel of the Edit Realm page, select Authentication.
  2. Select the Enable Validation check box to validate the client certificate chain against the truststore.
  3. In the Trusted Certificates field, specify the certificate type that you want to validate:
    • Default 
    • Custom—If you use this option, you must additionally complete the following fields:
      • Truststore File—Name or path of the truststore file. 
      • Truststore Password—Password for the truststore file. 
  4. (Optional) To enable the OCSP check, select the Enable OCSP check box, and then enter the custom OCSP responder URI in the OCSP Responder URL field.

    Important

    If you do not provide any OCSP responder URI, the system uses the OCSP responder URL that is specified in the certificate.

  5. (Optional) To enable the CRL check, select the Enable CRL check box, and then enter the custom CRL DP URI in the CRL DP URL field. You can provide an HTTP URI.
  6. (Optional) To carry out OCSP and CRL validation only for an end-entity certificate, select the OCSP/CRL Check On End-Entity Only check box.
  7. Click Save.
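
Before enabling these options, it helps to confirm what a client certificate actually carries, because an empty OCSP Responder URL field means the URL inside the certificate is used. The following is an added example, not BMC code: it checks the chain against a PEM export of the CA and prints the embedded OCSP and CRL DP URLs. Function names, file names, and the example.test URLs are assumptions; it requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not BMC code). Requires OpenSSL 1.1.1 or later.

# OCSP responder URL from the certificate's AIA extension; per the page this
# is what the server uses when the OCSP Responder URL field is left empty.
cert_ocsp_uri() { openssl x509 -in "$1" -noout -ocsp_uri; }

# CRL distribution point URIs embedded in the certificate, one per line.
cert_crl_uris() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        sed -n 's/^ *URI://p'
}

# Succeeds only if the certificate chains to the CA file (PEM).
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# usage: preflight ca.pem client.pem  (non-zero exit if the chain fails)
preflight() {
    rc=0
    if cert_chains_to "$1" "$2"; then echo "chain: OK"
    else echo "chain: FAIL against $1"; rc=1; fi
    ocsp=$(cert_ocsp_uri "$2")
    echo "ocsp in cert: ${ocsp:-none (set OCSP Responder URL if OCSP is enabled)}"
    crls=$(cert_crl_uris "$2")
    for u in ${crls:-none}; do
        case $u in
            http://*|none) echo "crl in cert: $u" ;;
            *) echo "crl in cert: $u (not an HTTP URI)" ;;
        esac
    done
    return $rc
}

# Constructed sample: throwaway CA plus a client cert carrying both extensions.
# usage: make_sample dir
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    printf '%s\n' 'authorityInfoAccess=OCSP;URI:http://ocsp.example.test' \
        'crlDistributionPoints=URI:http://crl.example.test/ca.crl' >"$1/ext.cnf" &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/ext.cnf" -out "$1/client.pem" 2>/dev/null
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it as `sh preflight.sh ca.pem client.pem`, or call `make_sample` on an empty directory to generate the constructed test pair first.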

 
