Please also refer to the information in the plugins and properties in the ConfigEditor by clicking on the "i"-symbol.

IAM Config Property



Client Repository

"Technical Client Database Repository"

Defines how technical clients are stored in the IAM database. The same repository configuration is usually used in the Adminapp's REST API for technical client management.

Technical Client Interceptors


If configured, custom interceptor implementations will be informed about added technical clients.

Check Validity Period

True (checked)

If unchecked the validity period of the SSL/TLS client certificate is not checked. This may be useful for testing purposes but should be enabled (the default) in all other cases.

Certificate Status Checkers

See description.

The revocation status of certificates may be checked in IAM and/or on the Airlock Gateway. See corresponding hint on page Airlock Gateway and IAM configuration for NextGenPSD2.

If checking the revocation status here, we recommend the following:

  • For good performance, use the "Caching Certificate Status Checker". Note that otherwise, an OCSP call may be preformed for every single bank API call.
  • Inside the "Caching Certificate Status Checker" use a "CRL Distribution Point Extension CRL Checker"
    • As "Fallback Checker" configure an OCSP client for the QTSPs ("OCSP Certificate Status Checker").
    • In the "OCSP Certificate Status" you need to configure a trust store with all QTSP CA's.