Revocation check

The SslStream class supports certificate revocation checking.

Revocation checking is performed automatically by the certificate chaining engine. This applies to both the Online Certificate Status Protocol (OCSP) and certificate revocation lists (CRLs). The SslStream class checks revocation only against the server that is specified in the certificate; that is, the certificate itself dictates which server is used. HTTP CRL Distribution Point (CDP) extensions and OCSP HTTP requests can be routed through an HTTP proxy server.

How you set the revocation check depends on which of the IBM MQ stack offerings you are using.

    IBM MQ.NET
    The revocation check can be set through the MQEnvironment.SSLCertRevocationCheck property in the MQEnvironment.cs class file.

    XMS .NET
    The revocation check can be set on the connection factory property context as shown in the following example.
    ConnectionFactory.SetBooleanProperty(XMSC.WMQ_SSL_CERT_REVOCATION_CHECK, true);
    

    WCF
    The revocation check can be set on the URI using the following naming convention.
    "SslCertRevocationCheck=true"
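
Before turning the check on, it helps to confirm that the CRL or OCSP server named in the queue manager's certificate is reachable from the client host, directly or through the HTTP proxy. The following added example (not IBM's code) runs the .NET chaining engine with online revocation against a certificate file; the RevocationProbe name and the file argument are hypothetical, and the assumption is that the queue manager's certificate has been exported to that file.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class RevocationProbe
{
    // Build the chain with online revocation (CRL/OCSP URLs are taken from the
    // certificates themselves) and return the combined chain status flags.
    static X509ChainStatusFlags Check(X509Certificate2 cert, TimeSpan timeout)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.UrlRetrievalTimeout = timeout;
            chain.Build(cert);

            var flags = X509ChainStatusFlags.NoError;
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                flags |= s.Status;
                Console.WriteLine("  {0}: {1}", s.Status, s.StatusInformation.Trim());
            }
            return flags;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: RevocationProbe <exported-certificate-file>");
            return 2;
        }
        using (var cert = new X509Certificate2(args[0]))
        {
            Console.WriteLine("Subject: " + cert.Subject);
            X509ChainStatusFlags flags = Check(cert, TimeSpan.FromSeconds(15));

            // Revoked: the CA has withdrawn the certificate; the handshake must fail.
            if ((flags & X509ChainStatusFlags.Revoked) != 0) { Console.WriteLine("REVOKED"); return 1; }
            // Unknown/offline: the CRL or OCSP server could not be reached or gave no answer.
            var unknown = X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;
            if ((flags & unknown) != 0) { Console.WriteLine("REVOCATION STATUS UNKNOWN"); return 3; }
            if (flags != X509ChainStatusFlags.NoError) { Console.WriteLine("OTHER CHAIN ERROR"); return 4; }
            Console.WriteLine("Chain valid, not revoked");
            return 0;
        }
    }
}
```

A "REVOCATION STATUS UNKNOWN" result usually points to a blocked CDP or OCSP URL or a proxy misconfiguration rather than a problem with the certificate itself.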
    
