Background
In WSO2 IS versions prior to 570, CRL and OCSP validations were disabled in the certificate-validation.xml file in the /repository/conf/security/ repository.
From 570 onwards, the certificates of CAs and intermediate CAs that are to be considered as trusted CAs for X509 authentication must be configured in the certificate-validation.xml as follows.
```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
…….
```
To complement this behaviour, CRL and OCSP validations were enabled by default from WSO2 IS 570 onwards. So, if you don't want to configure the truststore as given above, you will have to disable the CRL and OCSP validation as well.
To-Do
Add a separate section subsequent to the 'Configuring the X509 Certificate for the app' section in the Configuring X509Certificate Authenticator page to explain this behavior.