Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
CheckCertificateRevocationStatusActions - AWS Network Firewall
ContentsSee Also

CheckCertificateRevocationStatusActions

PDF

Defines the actions to take on the SSL/TLS connection if the certificate presented by the server in the connection has a revoked or unknown status.

Contents

RevokedStatusAction

Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.

  • PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.

  • DROP - Network Firewall closes the connection and drops subsequent packets for that connection.

  • REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.

Type: String

Valid Values: PASS | DROP | REJECT

Required: No

UnknownStatusAction

Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.

  • PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.

  • DROP - Network Firewall closes the connection and drops subsequent packets for that connection.

  • REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.

Type: String

Valid Values: PASS | DROP | REJECT

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Next topic:

CIDRSummary

Previous topic:

CapacityUsageSummary

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.