diff --git a/base/server/src/main/java/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/base/server/src/main/java/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
index 662fa9d061e..d3ba2d3e6fe 100644
--- a/base/server/src/main/java/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
+++ b/base/server/src/main/java/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
@@ -25,6 +25,7 @@
 import org.dogtagpki.server.authentication.AuthManagerConfig;
 import org.dogtagpki.server.authentication.AuthToken;
 import org.dogtagpki.server.authentication.AuthenticationConfig;
+import org.dogtagpki.server.authentication.RevocationCheckingConfig;
 import org.mozilla.jss.netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.authentication.AuthCredentials;
@@ -71,7 +72,7 @@ public class CertUserDBAuthentication extends AuthManager {
     private CertUserLocator mCULocator = null;
 
     private boolean mRevocationCheckingEnabled = false;
-    private ConfigStore mRevocationChecking;
+    private RevocationCheckingConfig mRevocationChecking;
 
     public CertUserDBAuthentication() {
     }
@@ -97,14 +98,14 @@ public void init(
         mConfig = config;
 
         if (authenticationConfig != null) {
-            mRevocationChecking = authenticationConfig.getSubStore("revocationChecking", ConfigStore.class);
+            mRevocationChecking = authenticationConfig.getRevocationCheckingConfig();
         }
         if (mRevocationChecking != null) {
-            mRevocationCheckingEnabled = mRevocationChecking.getBoolean("enabled", false);
+            mRevocationCheckingEnabled = mRevocationChecking.isEnabled();
             if (mRevocationCheckingEnabled) {
-                int size = mRevocationChecking.getInteger("bufferSize", 0);
-                long interval = mRevocationChecking.getInteger("validityInterval", 28800);
-                long unknownStateInterval = mRevocationChecking.getInteger("unknownStateInterval", 1800);
+                int size = mRevocationChecking.getBufferSize();
+                long interval = mRevocationChecking.getValidityInterval();
+                long unknownStateInterval = mRevocationChecking.getUnknownStateInterval();
 
                 if (size > 0)
                     engine.setListOfVerifiedCerts(size, interval, unknownStateInterval);
diff --git a/base/server/src/main/java/org/dogtagpki/server/authentication/AuthenticationConfig.java b/base/server/src/main/java/org/dogtagpki/server/authentication/AuthenticationConfig.java
index 6281110fd53..3d36371afd5 100644
--- a/base/server/src/main/java/org/dogtagpki/server/authentication/AuthenticationConfig.java
+++ b/base/server/src/main/java/org/dogtagpki/server/authentication/AuthenticationConfig.java
@@ -28,4 +28,11 @@ public AuthenticationConfig(String name, SimpleProperties source) {
     public AuthManagersConfig getAuthManagersConfig() {
         return getSubStore("instance", AuthManagersConfig.class);
     }
+
+    /**
+     * Returns auths.revocationChecking.* parameters.
+     */
+    public RevocationCheckingConfig getRevocationCheckingConfig() {
+        return getSubStore("revocationChecking", RevocationCheckingConfig.class);
+    }
 }
diff --git a/base/server/src/main/java/org/dogtagpki/server/authentication/RevocationCheckingConfig.java b/base/server/src/main/java/org/dogtagpki/server/authentication/RevocationCheckingConfig.java
new file mode 100644
index 00000000000..4b066efdc52
--- /dev/null
+++ b/base/server/src/main/java/org/dogtagpki/server/authentication/RevocationCheckingConfig.java
@@ -0,0 +1,53 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.authentication;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cmscore.base.ConfigStorage;
+import com.netscape.cmscore.base.ConfigStore;
+import com.netscape.cmscore.base.SimpleProperties;
+
+/**
+ * Provides auths.revocationChecking.* parameters.
+ */
+public class RevocationCheckingConfig extends ConfigStore {
+
+    public RevocationCheckingConfig(ConfigStorage storage) {
+        super(storage);
+    }
+
+    public RevocationCheckingConfig(String name, SimpleProperties source) {
+        super(name, source);
+    }
+
+    /**
+     * Returns auths.revocationChecking.enabled parameter.
+     */
+    public boolean isEnabled() throws EBaseException {
+        return getBoolean("enabled", false);
+    }
+
+    /**
+     * Returns auths.revocationChecking.bufferSize parameter.
+     */
+    public int getBufferSize() throws EBaseException {
+        return getInteger("bufferSize", 0);
+    }
+
+    /**
+     * Returns auths.revocationChecking.validityInterval parameter.
+     */
+    public int getValidityInterval() throws EBaseException {
+        return getInteger("validityInterval", 28800);
+    }
+
+    /**
+     * Returns auths.revocationChecking.unknownStateInterval parameter.
+     */
+    public int getUnknownStateInterval() throws EBaseException {
+        return getInteger("unknownStateInterval", 1800);
+    }
+}