Description

Certificate revocation configuration.

Usages

Configuration options

KeyKindTypeDefault ValueDescription
check-only-end-entityVALUEBooleanfalseOnly check the revocation status of end-entity certificates
enabledVALUEBooleanfalseFlag indicating whether this revocation config is enabled
fallback-enabledVALUEBooleantrueEnable fallback to the less preferred checking option
ocsp-responder-uriVALUEURI The URI that identifies the location of the OCSP responder
prefer-crl-over-ocspVALUEBooleanfalsePrefer CRL over OCSP
soft-fail-enabledVALUEBooleanfalseAllow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:
  • The CRL or OCSP response cannot be obtained because of a network error

See the manifest for all available types.