You set values in the locked.properties file to enable and configure smart card certificate revocation checking.
Properties for Smart Card Certificate Revocation Checking lists the locked.properties file properties for certificate revocation checking.
Property | Description |
---|---|
enableRevocationChecking | Set this property to true to enable certificate revocation checking. When this property is set to false, certificate revocation checking is disabled and all other certificate revocation checking properties are ignored. The default value is false. |
crlLocation | Specifies the location of the CRL, which can be either a URL or a file path. If you do not specify a URL, or if the specified URL is invalid, VMware Horizon uses the list of CRLs on the user certificate if allowCertCRLs is set to true or is not specified. If VMware Horizon cannot access a CRL, CRL checking fails. |
allowCertCRLs | When this property is set to true, VMware Horizon extracts a list of CRLs from the user certificate. The default value is true. |
enableOCSP | Set this property to true to enable OCSP certificate revocation checking. The default value is false. |
ocspURL | Specifies the URL of an OCSP Responder. |
ocspResponderCert | Specifies the file that contains the OCSP Responder's signing certificate. VMware Horizon uses this certificate to verify that the OCSP Responder's responses are genuine. |
ocspSendNonce | When this property is set to true, a nonce is sent with OCSP requests to prevent repeated responses. The default value is false. |
ocspCRLFailover | When this property is set to true, VMware Horizon uses CRL checking if OCSP certificate revocation checking fails. The default value is true. |