Validate a Self-signed or a CA-signed certificate

When the incoming client certificate is self-signed, the EBICS Banking Server validates the date.

When the incoming client certificate is CA-signed or intermediate CA-signed, the EBICS Banking Server validates the following:
  1. Online Certificate Status (OCSP) or Certificate Revocation List (CRL) – If the certificate status is revoked, the EBICS Banking Server suspends the user. By default, EBICS Banking Server validates OCSP. If OCSP is successful, the server does not validate CRL. If you want the server to validate CRL, set the ebicsserver.ocsp parameter to false in the ebics_server.properties file.
  2. Date – validity of the certificate
  3. Chained signature – the validity of the Certificate Authority