Hi,

I'm working on configuring the x509Certificate Authenticator using WSO2 IS
version 5.8.0. I did all the configurations as mentioned in the doc [1],
and I got the error given below.

org.wso2.carbon.identity.x509Certificate.validation.CertificateValidationException: Validator: OCSPValidatorcouldn't validate the revocation status of certificate with serial num: 14756929408771586256
    at org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.isRevoked(RevocationValidationManagerImpl.java:123)
    at org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.verifyRevocationStatus(RevocationValidationManagerImpl.java:63)
    at org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.isCertificateRevoked(X509CertificateUtil.java:257)
    at org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.validateCertificate(X509CertificateUtil.java:155)

2019-01-17 11:49:05,175]  INFO {org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl} -  X509 Certificate validation with CRLValidator

[2019-01-17 11:49:05,176] DEBUG {org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl} -  Certificate validation is not successful.

org.wso2.carbon.identity.x509Certificate.validation.CertificateValidationException: Validator: CRLValidatorcouldn't validate the revocation status of certificate with serial num: 14756929408771586256
    at org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.isRevoked(RevocationValidationManagerImpl.java:123)
    at org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.verifyRevocationStatus(RevocationValidationManagerImpl.java:63)
    at org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.isCertificateRevoked(X509CertificateUtil.java:257)
    at org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.validateCertificate(X509CertificateUtil.java:155)


So I disabled CRLValidator and OCSPValidator in the certificate-validation.xml
file in ${IS_HOME}/repository/conf/security/, but the changes were not
getting updated. According to the implementation
in RevocationValidationManagerImpl.java in the identity-x509-revocation
extension, the CRL and OCSP validators are read from the
registry repository/security/certificate/validator. This causes quite some
confusion since we need to modify certificate-validation.xml as well as
the registry to disable CRLValidator and OCSPValidator.


The doc on Configuring x509Certificate Authenticator [1]
does not mention the changes that need to be done in the configuration file and
the registry to disable CRL and OCSP either.


[1]
https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator

Regards,
Piraveena

*Piraveena Paralogarajah*
Software Engineer | WSO2 Inc.
*(m)* +94776099594 | *(e)* [email protected]