When AE Services is configured in secure mode, AE Services enables multifactor authentication and provides ability to enable certificate revocation check for client provided certificates.

When certificate revocation check is enabled, AE Services sever checks the revocation status of client provided certificates using Online Certificate Status Protocol (OCSP) responder either provided in Certificate Authority Information Access (AIA) Extension or OCSP responder URL provided during configuration.

If client certificate is REVOKED or OCSP responder URL is unreachable or incorrect, AE Services rejects the secure connection request to AE Services OAM and the user cannot connect to the OAM interface.

If client certificate if GOOD, AE Services allows the secure connection request to the OAM interface and the user can connect to the OAM interface. Revocation check on client certificate is performed every time when new session request is created with the OAM interface.