You set values in the locked.properties file to enable and configure smart card certificate revocation checking.

Table 1 lists the locked.properties file properties for certificate revocation checking.

Table 1. Properties for Smart Card Certificate Revocation Checking
Property Description
enableRevocationChecking Set this property to true to enable certificate revocation checking.

When this property is set to false, certificate revocation checking is disabled and all other certificate revocation checking properties are ignored.

The default value is false.

crlLocation Specifies the location of the CRL, which can be either a URL or a file path.

If you do not specify a URL, or if the specified URL is invalid, Horizon 7 uses the list of CRLs on the user certificate if allowCertCRLs is set to true or is not specified.

If Horizon 7 cannot access a CRL, CRL checking fails.

allowCertCRLs When this property is set to true, Horizon 7 extracts a list of CRLs from the user certificate.

The default value is true.

enableOCSP Set this property to true to enable OCSP certificate revocation checking.

The default value is false.

ocspURL Specifies the URL of an OCSP Responder.
ocspResponderCert Specifies the file that contains the OCSP Responder's signing certificate. Horizon 7 uses this certificate to verify that the OCSP Responder's responses are genuine.
ocspSendNonce When this property is set to true, a nonce is sent with OCSP requests to prevent repeated responses.

The default value is false.

ocspCRLFailover When this property is set to true, Horizon 7 uses CRL checking if OCSP certificate revocation checking fails.

The default value is true.