I am looking for suggestions and samples to validate client certificates using OCSP and CRL.

Option 1:

Using Java Callout policy to perform OCSP verification. In this the Java Code extracts OCSP server URL from the given certificate and perform verification. If no response from OCSP server then use fallback method that is CRL verification.

Option 2:

Use Node.js hosted server that perform OCSP verification by calling OCSP server and if that fails do CRL check.

Can someone suggest which is the best efficient option for certificate validation please?