We tried the options below:
1. Through Manage Certificates / Certificate Validations. In this case we are not seeing any attempt to validate user certs in the ssg logs or audit logs. This doesn't seem to work, as we do not have the user cert in AD / LDAP and do not authenticate using the entire cert.
2. Using a combination of the "Lookup Certificate" and "Validate Certificate" policy assertions. Is our understanding correct in assuming that the Lookup Certificate assertion actually loads the user cert against the defined output variable name? This option is giving the error below:
Certificate CN=*****, DC=****, DC=***** validation (REVOCATION) failed with status: CANT_BUILD_PATH
Unable to build path for certificate CN=*****, DC=****, DC=***** : Unable to find valid certification path to requested target.
Any pointers in the right direction would be appreciated.