RevocationConfig (common.tls) Configuration

RevocationConfig (common.tls) Configuration: Type: io.helidon.common.tls.RevocationConfig

Configuration options

Optional configuration options

key	type	default value	description
`check-only-end-entity`	boolean	`false`	Only check the revocation status of end-entity certificates. Default value is `false`. @return whether to check only end-entity certificates
`enabled`	boolean	`false`	Flag indicating whether this revocation config is enabled. @return enabled flag
`fallback-enabled`	boolean	`true`	Enable fallback to the less preferred checking option. @return whether to allow fallback to the less preferred checking option
`ocsp-responder-uri`	URI		The URI that identifies the location of the OCSP responder. This overrides the `ocsp.responderURL` security property and any responder specified in a certificate’s Authority Information Access Extension, as defined in RFC 5280. @return OCSP responder URI
`prefer-crl-over-ocsp`	boolean	`false`	Prefer CRL over OCSP. Default value is `false`. @return whether to prefer CRL over OCSP
`soft-fail-enabled`	boolean	`false`	Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons: The CRL or OCSP response cannot be obtained because of a network error. The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater. @return whether soft fail is enabled