Hello Stephen/Arun,
I am actually facing the same issue: we need to validate the CRL against the user, but after enabling it we can see it failing for valid certs/users as well. We have set the cluster-wide properties pkix.validation.other, pkix.validation.routing and pkix.validation.identityProvider to control revocation checking for identity provider, routing and other. I have set all three attribute values to revocation using restman.
Can you please share the complete info with us on what CA recommended for this issue?
FYI, the error message:
2018-01-23T07:35:49.644+0100 INFO 772 com.l7tech.server.policy.assertion.ServerSslAssertion: 4114: Found client certificate for CN=******S***** CA 1, OU=** 017, OU=CA, O=***, C=XX
2018-01-23T07:35:49.644+0100 WARNING 772 com.l7tech.server.identity.fed.FederatedIdentityProviderImpl: 2034: Unable to build path for Certificate CN=Prashant SrivastavaOU=people, OU=CA, O=***, C=XX: unable to find valid certification path to requested target; related error(s) [Revocation check failed for certificate'CN=Prashant Srivastava (XX), OU=people, OU=XX, O=XX, C=XX.]