},
				// Set up an UpstreamCluster with a CredentialName where the secret has a CRL specified with the server certificate as revoked.
				// Certificate revoked error at Gateway, results in a 503 response.
				{
					name:            "credential with CRL having server certificate revoked",
					statusCode:      http.StatusServiceUnavailable,
					credentialToUse: credWithCRL,
					useGateway:      false,
				},

						ErrorMessage: "CERTIFICATE_VERIFY_FAILED",
					},
				},
				// Mutual TLS origination from an authorized sidecar to https endpoint with a CRL with a dummy revoked certificate.
				// Since the certificate in action is not revoked, the communication should not be impacted.
				{
					name:             "dummy crl",
					credentialToUse:  credWithDummyCRL,
					from:             apps.Ns2.B,

						PrivateKey: ingressutil.TLSClientKeyB,
						Cert:       ingressutil.TLSClientCertB,
					},
				},
				// TC3: Add CRL with revoked client Certificate A to the configuration,
				// and initiate communication from client A.
				// Server should respond with the "revoked certificate" error message.
				{
					name:       "mtls ingress gateway with CRL-client A",
					secretName: "testmtlsgateway-secret-with-crl-a",

	alertHandshakeFailure:             "handshake failure",
	alertBadCertificate:               "bad certificate",
	alertUnsupportedCertificate:       "unsupported certificate",
	alertCertificateRevoked:           "revoked certificate",
	alertCertificateExpired:           "expired certificate",
	alertCertificateUnknown:           "unknown certificate",
	alertIllegalParameter:             "illegal parameter",

# revoke one of the client certificates for CRL testing purpose
openssl ca -config "${WD}/crlA.conf" -revoke "${WD}/clientA.crt"
openssl ca -gencrl -out "${WD}/rootA.crl" -config "${WD}/crlA.conf"

# revoke one of the server certificates for CRL testing purpose
openssl ca -config "${WD}/crl.conf" -revoke "${WD}/dns/cert-chain.pem"
openssl ca -gencrl -out "${WD}/ca.crl" -config "${WD}/crl.conf"

# remove the database entry for the previous revoked certificate, so that we can generate a new dummy CRL entry for an unused server cert,

	EKEYEXPIRED - APPLICATION_ERROR:     "key has expired",
	EKEYREJECTED - APPLICATION_ERROR:    "key was rejected by service",
	EKEYREVOKED - APPLICATION_ERROR:     "key has been revoked",
	EL2HLT - APPLICATION_ERROR:          "level 2 halted",
	EL2NSYNC - APPLICATION_ERROR:        "level 2 not synchronized",
	EL3HLT - APPLICATION_ERROR:          "level 3 halted",

=== Example: Configure the GnupgSignatory

[source.multi-language-sample,properties]
.gradle.properties
----
include::{snippetsPath}/signing/gnupg-signatory/groovy/gradle.properties[tag=user-properties]
----

`signing.gnupg.executable`::

	{159, "ENOMEDIUM", "no medium found"},
	{160, "EMEDIUMTYPE", "wrong medium type"},
	{161, "ENOKEY", "required key not available"},
	{162, "EKEYEXPIRED", "key has expired"},
	{163, "EKEYREVOKED", "key has been revoked"},
	{164, "EKEYREJECTED", "key was rejected by service"},
	{165, "EOWNERDEAD", "owner died"},
	{166, "ENOTRECOVERABLE", "state not recoverable"},
	{167, "ERFKILL", "operation not possible due to RF-kill"},

	{159, "ENOMEDIUM", "no medium found"},
	{160, "EMEDIUMTYPE", "wrong medium type"},
	{161, "ENOKEY", "required key not available"},
	{162, "EKEYEXPIRED", "key has expired"},
	{163, "EKEYREVOKED", "key has been revoked"},
	{164, "EKEYREJECTED", "key was rejected by service"},
	{165, "EOWNERDEAD", "owner died"},
	{166, "ENOTRECOVERABLE", "state not recoverable"},
	{167, "ERFKILL", "operation not possible due to RF-kill"},