Sorry for the delay. I just got to trying it out on my own today and here is what i have in my server side :
<sc:ValidatorConfiguration wspp:visibility="private" sc:revocationEnabled="true"/>
And it throws the following exception when running, because my certs do not have a CRLDP extension, neither do they have the ocsp extension.
WSS0223: Certificate validation failed
java.security.cert.CertPathValidatorException: Must specify the location of an OCSP Responder
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:206)
at com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment.validateCertificate(WSITProviderSecurityEnvironment.java:979)
Please note : the revocationEnabled attr is namespace qualified (xmlns:sc="
http://schemas.sun.com/2006/03/wss/server"). You may have most likely specified it without any namespace qualifier (due to a bug in documentation).
Please try it and let me know if it worked.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=322930