Certificate validation methods in AMS

You can use Advanced Message Security to detect and reject revoked certificates so that messages on your queues are not protected using certificates that do not fulfill security standards.

AMS allows you to verify a certificate validity by using either Online Certificate Status Protocol (OCSP) or certificate revocation list (CRL).

AMS can be configured for either OCSP or CRL checking or both. If both methods are enabled, then, for performance reasons, AMS uses OCSP for revocation status first. If the revocation status of a certificate is undetermined after the OCSP checking, AMS uses the CRL checking.

Note that both OCSP and CRL checking are enabled by default.