Enable PingFederate to Check your Certificate Revocation List
  • 20 Dec 2023
  • 1 Minute to read
  • Dark
    Light
  • PDF

Enable PingFederate to Check your Certificate Revocation List

  • Dark
    Light
  • PDF

Article summary

You can enable PingFederate to check your Certificate Revocation List (CRL) for certificate validity.

Enable PingFederate to Check Your Axiad Cloud CRL

Follow the steps below to enable PingFederate to check you Axiad Cloud tenant's certificate revocation list (CRL) for certificate validity.

Prerequisite

Ensure that your PingFederate server can reach the URL for your Axiad Cloud tenant’s CRL.

  1. Open the Welcome page to your Axiad tenant: http://crl.{tenantName}.{platform}.axiadids.net/welcome.html

  2. In the Resources section click to download the Root CRL and Issuing CRL

  3. Open the PingFederate administrative console

  4. Navigate to Security (top navigation) > Certificate & Key Management > Certificate Revocation Checking

  5. Check the box next to Enable CRL Checking

  6. Optionally, check the box next to Treat Unretrievable CRLs As Revoked

  7. If needed, configure the Proxy Settings for the environment

  8. OCSP is enabled be default. Uncheck OCSP, unless you want to continue to use OCSP use the following settings:

    1. For Certificate Is Unknown, change the dropdown to Failover to CRL

    2. For OCSP Responder Is Unavailable, change the dropdown to Failover to CRL

    3. For OCSP Responder Returns Error, change the drop down to Failover to CRL

  9. Click Save


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.