Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Validating a certificate

When you have configured certificate-based authentication for a realm on your Remedy Single Sign-On server, you can validate the certificate.

Related topics

Configuring-certificate-based-authentication

Before you begin

If you plan to validate a custom CA certificate, you must have it imported to a truststore on the Remedy SSO server. For information about importing a CA certificate, see Configuring-the-Tomcat-server-for-certificate-based-authentication.

To validate a certificate on the Remedy SSO server

  1. In the left navigation panel of the Edit Realm page, select Authentication.
  2. Select the Enable Validation check box to validate the client certificate chain against the truststore.
  3. In the Trusted Certificates field,  specify a certificate type that you would like to validate:
    • Default 
    • Custom—If you use this option, you must additionally complete the following fields:
      • Truststore File—Name or path of the truststore file. 
      • Truststore Password—Password for the truststore file. 

  4. (Optional) To enable OCSP check, select Enable OCSP check box, and then enter the custom OCSP responder URI in the OCSP Responder URL field.

    Note

    If you do not provide any OCSP responder URI, the system uses the OCSP responder URL that is specified in the certificate.

  5. (Optional) To enable CRL check, select Enable CRL check box, and then enter the custom CRL DP URI in the CRL DP URL field. You can provide a HTTP URI.
  6. (Optional) To enable OCSP and  CRL validation to be carried out only for an end-entity certificate,  select the OCSP/CRL Check On End-Entity Only check box.
  7. Click Save.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*