To disable checking certificate revocation list use context.Request.Certificate.VerifyNoRevocation() instead of context.Request.Certificate.Verify(). If client certificate is self-signed, root (or intermediate) CA certificate(s) must be uploaded to API Management for context.Request.Certificate.Verify() and context.Request.Certificate.VerifyNoRevocation() to work.
403 Invalid client certificate Self Signed API Management
You might also like...
HTTP/1.1 302 Moved Temporarily Backend service responded with a redirect.
Product cannot be deleted since it has existing subscriptions.
API cannot be added to more than one open products
Cannot provide values for approvalRequired and subscriptionsLimit when subscriptionRequired is set to false in the request payload
Previous Post: How to convert .pfx to .cer?