Azure-docs: Is OCSP supported in azure api management? How does certificate revocation verify work?
There is question on this page https://github.com/MicrosoftDocs/azure-docs/issues/35369
The provided reply doesn't answer whether OCSP or CRL is supported.Â
Is it possible to use a user define CRL and feed that when verify performed?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 51769134-4b97-0a48-3031-cbcea10ca714
- Version Independent ID: dc70bd8c-54be-1592-2137-aed9cae0094b
- Content: Secure APIs using client certificate authentication in API Management - Azure API Management
- Content Source: articles/api-management/api-management-howto-mutual-certificates-for-clients.md
- Service: api-management
- GitHub Login: @vladvino
- Microsoft Alias: apimpm
morteza54dp
All 5 comments
@morteza54dp, Thank you for your feedback! We will review and update as appropriate.
ChaitanyaNaykodi-MSFT
on 15 Sep 2020
Hi @solankisamir Could you share your insights on this issue?
mike-urnun-msft
on 22 Sep 2020
@morteza54dp , @mike-urnun-msft OCSP/CRL validation takes place by default if validated certificate contains corresponding urls in its extensions. There's no way to provide additional CRL urls.
maksimkim
on 2 Oct 2020
Thanks for the reply.
Is OCSP responder uri mentioned in the root CA used or from the client certificate? or whether both are supported?
MortezaDamavandpeyma-TomTom
on 3 Oct 2020
cc: @maksimkim for the follow-up question above
@MortezaDamavandpeyma-TomTom Since the discussion is outside of the scope of this documentation and this channel is more for driving improvements towards MS Docs, we'll now proceed to close the issue for now. While you're welcome to continue the discussion here with @maksimkim, in the future, please consider posting any product related questions on our new Q&A platform and we'd be happy to assist you there as well.
mike-urnun-msft
on 3 Oct 2020
Related issues
jebeld17
·
3Comments
ianpowell2017
·
3Comments
spottedmahn
·
3Comments
Agazoth
·
3Comments
behnam89
·
3Comments
Most helpful comment
@morteza54dp , @mike-urnun-msft OCSP/CRL validation takes place by default if validated certificate contains corresponding urls in its extensions. There's no way to provide additional CRL urls.