CLI flags #
Flags related to TLS configuration can be found on page listing all flags of a binary:
Validating a certificate for revocation #
TLS-based transport security of Acra services can be additionally enhanced by validation whether peer’s certificate is revoked.
This feature is currently implemented for
There are two methods for validating the certificate’s revocation:
They are configured separately and can be enabled simultaneously.
By default, Acra performs mentioned validations only if the certificate itself contains OCSP / CRL metadata. Otherwise, if certificate does not contain URLs of OCSP / CRL, it won’t be validated for revocation.
We have a dedicated page about public key infrastructure, located in Acra in depth section.