Layer7 API Management

  • 1.  Manage Certificate Validation in terms of PSD2

    Posted Jul 10, 2019 09:14 AM
    Hi folks,

    in the regulatory project PSD2 we need to manage the certificate validation against a big number of CA/Root-Certificates (700-800). We thought that the "Manage Certificate Validation" option can support us on that. So far client certificate validation is done by the load balancer. The Gateway just receives a base64-encoded string representation of the certificate as a header parameter. We are asked to use revocation validation features of the gateway. Now to the question: is it possible to use the "Manage Certificate Validation" feature on the base64-encoded certificate?
    We haven't used the built-in client certificate validation feature so far.

    The Feature we meant is described here:
    https://docops.ca.com/ca-api-gateway/9-2/en/security-configuration-in-policy-manager/tasks-menu-security-options/manage-certificates/manage-certificate-validation

    Any ideas on that, especially regarding the high number of CA/Root-Certificates to validate against?

    Thanks in advance and best Regards,
    Max


  • 2.  RE: Manage Certificate Validation in terms of PSD2
    Best Answer

    Broadcom Employee
    Posted Jul 18, 2019 03:05 PM
    Yes, what you linked to should meet your needs as you've described them in the above post. It may have some additional overhead though if you have to manually put in each CRL or OCSP list to use, but generally it will use the one presented on the certificate itself so you shouldn't need to manage it unless you manage your own lists.
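
Added example, not part of the thread and not Gateway code: a Python sketch (using the `cryptography` package) that decodes a certificate forwarded as a base64 header value and lists the CRL and OCSP locations "presented on the certificate itself", which is a quick way to see whether the certificates carry the revocation pointers the answer relies on. It assumes the header holds base64 of the DER encoding; the function names, the `example.test` URLs and the self-signed sample certificate are constructed for illustration.

```python
import base64
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID, NameOID

def revocation_pointers(header_value: str) -> dict:
    """Decode a base64 DER certificate and return its CRL and OCSP URLs."""
    cert = x509.load_der_x509_certificate(base64.b64decode(header_value))
    crl_urls, ocsp_urls = [], []
    try:
        cdp = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
        for point in cdp:
            for name in point.full_name or []:  # full_name is None for relative names
                if isinstance(name, x509.UniformResourceIdentifier):
                    crl_urls.append(name.value)
    except x509.ExtensionNotFound:
        pass  # certificate carries no CRL distribution point
    try:
        aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
        for desc in aia:
            if desc.access_method == AuthorityInformationAccessOID.OCSP:
                ocsp_urls.append(desc.access_location.value)
    except x509.ExtensionNotFound:
        pass  # certificate carries no OCSP responder URL
    return {"subject": cert.subject.rfc4514_string(), "crl": crl_urls, "ocsp": ocsp_urls}

def make_sample_header(with_pointers: bool = True) -> str:
    """Constructed test input: self-signed certificate with example.test URLs."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "psd2-tpp.example.test")])
    now = datetime.datetime(2019, 7, 1)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(1000)
               .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365)))
    if with_pointers:
        builder = builder.add_extension(x509.CRLDistributionPoints([x509.DistributionPoint(
            full_name=[x509.UniformResourceIdentifier("http://crl.example.test/ca.crl")],
            relative_name=None, reasons=None, crl_issuer=None)]), critical=False)
        builder = builder.add_extension(x509.AuthorityInformationAccess([x509.AccessDescription(
            AuthorityInformationAccessOID.OCSP,
            x509.UniformResourceIdentifier("http://ocsp.example.test"))]), critical=False)
    cert = builder.sign(key, hashes.SHA256())
    return base64.b64encode(cert.public_bytes(serialization.Encoding.DER)).decode()

print(revocation_pointers(make_sample_header()))
```

A certificate for which both lists come back empty has no revocation location of its own, so a CRL or OCSP source would have to be configured for its issuer by hand.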