Certificate validity


The validity period of an X.509 certificate is encoded in the certificate. The Certificate Validity filter performs a simple check on a certificate to ensure that it has not expired.

By default, the Certificate Validity filter searches for the X.509 certificate in the certificate message attribute, which must be set by a predecessor filter in the policy (for example, by an SSL Authentication filter).


Configure the following fields on the Certificate Validity window:

Enter an appropriate name for the filter to display in a policy.

Certificate Selector Expression:
Enter the selector expression that specifies where to obtain the certificate (for example, from a message attribute). The filter checks the validity of the specified certificate. If no certificate is found, the filter returns an error. Defaults to ${certificate}.

Using a selector enables settings to be evaluated and expanded at runtime based on metadata (for example, in a message attribute, Key Property Store (KPS), or environment variable). For more details, see Select configuration values at runtime in the API Gateway Policy Developer Guide.

Related Links