Hi Shanmuga,
It will work if you have signers in val cred, provided you have Certificate validation mode set to "Match exact certificate or immediate issuer" in the validation credential config.
After a restart of DataPower (due to any requirements in future), your leaf certificate object may go down due to expiry. So you may want to remove it from val cred & keep SSL active only with signers.
- Prathamesh
------------------------------
Prathamesh Dixit
------------------------------
Original Message:
Sent: Thu December 05, 2024 03:12 AM
From: Shanmuga Rajendra
Subject: DataPower validation credential config
I have both the leaf certificate and the immediate issuer certificate added in the val cred object in DP. The client application is going to update the leaf certificate due to nearing expiry date, but issued with the same issuer certificate. Intermediate and root certificates remain the same, but the server certificate changed with a new expiry date. Will the valcred be able to successfully validate the peer certificate using signers already present in val cred, or do I need to remove the leaf certificate from the validation credential to make it work? Please suggest.
------------------------------
Shanmuga Rajendra
Datapower admin
------------------------------