To disable checking certificate revocation list use context.Request.Certificate.VerifyNoRevocation()
instead of context.Request.Certificate.Verify()
. If client certificate is self-signed, root (or intermediate) CA certificate(s) must be uploaded to API Management for context.Request.Certificate.Verify()
and context.Request.Certificate.VerifyNoRevocation()
to work.
403 Invalid client certificate Self Signed API Management
Previous Post: How to convert .pfx to .cer?