Certificate Validity


The validity period of an X.509 certificate is encoded in the certificate. The Certificate Validity performs a simple check on a certificate to ensure that it has not expired.

By default, the Certificate Validity filter searches for the X.509 certificate in the certificate message attribute, which must be set by a predecessor filter in the policy (for example, by an SSL Authentication filter).


Configure the following fields on the Certificate Validity screen:


Enter an appropriate name for the filter.

Certificate Selector Expression:

Enter the selector expression that specifies where to obtain the certificate (for example, from a message attribute). The filter checks the validity of the specified certificate. If no certificate is found, the filter returns an error. Defaults to ${certificate}.

Using a selector enables settings to be evaluated and expanded at runtime based on metadata (for example, in a message attribute, Key Property Store (KPS), or environment variable). For more details, see Selecting Configuration Values at Runtime.