TLS #

CLI flags #

Flags related to TLS configuration can be found on page listing all flags of a binary:

• AcraConnector
• AcraServer
• AcraTranslator

Validating a certificate for revocation #

TLS-based transport security of Acra services can be additionally enhanced by validation whether peer’s certificate is revoked.

This feature is currently implemented for acra-connector, acra-server and acra-translator.

There are two methods for validating the certificate’s revocation:

• OCSP (Online Certificate Status Protocol)
• CRL (Certificate Revocation List)

They are configured separately and can be enabled simultaneously.

By default, Acra performs mentioned validations only if the certificate itself contains OCSP / CRL metadata. Otherwise, if certificate does not contain URLs of OCSP / CRL, it won’t be validated for revocation.

PKI #

We have a dedicated page about public key infrastructure, located in Acra in depth section.