Enable PingFederate to Check your Certificate Revocation List
- 20 Dec 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Enable PingFederate to Check your Certificate Revocation List
- Updated on 20 Dec 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can enable PingFederate to check your Certificate Revocation List (CRL) for certificate validity.
Enable PingFederate to Check Your Axiad Cloud CRL
Follow the steps below to enable PingFederate to check you Axiad Cloud tenant's certificate revocation list (CRL) for certificate validity.
Prerequisite
Ensure that your PingFederate server can reach the URL for your Axiad Cloud tenant’s CRL.
Open the Welcome page to your Axiad tenant: http://crl.{tenantName}.{platform}.axiadids.net/welcome.html
In the Resources section click to download the Root CRL and Issuing CRL
Open the PingFederate administrative console
Navigate to Security (top navigation) > Certificate & Key Management > Certificate Revocation Checking
Check the box next to Enable CRL Checking
Optionally, check the box next to Treat Unretrievable CRLs As Revoked
If needed, configure the Proxy Settings for the environment
OCSP is enabled be default. Uncheck OCSP, unless you want to continue to use OCSP use the following settings:
For Certificate Is Unknown, change the dropdown to Failover to CRL
For OCSP Responder Is Unavailable, change the dropdown to Failover to CRL
For OCSP Responder Returns Error, change the drop down to Failover to CRL
Click Save
Was this article helpful?
