Configuring validation for certificates
You can configure certificate validation in Certificate Manager - Self-Hosted. As part of validation, you need to specify the certificate's validation settings so that Trust Protection Foundation can locate the certificate and verify that it's installed correctly.
IMPORTANT: You must have View and Write permissions to the application.
- From the Certificate Manager - Self-Hosted menu bar, click Inventory > Certificates.
- Find the certificate that you want to configure, and then click the certificate's name.
- In the sidebar, click SSL/TLS.
- Click Certificate Settings.
- Edit the Certificate SSL/TLS Validation Settings as needed.
  - Validate SSL/TLS connections for this certificate? - Select Yes or No. Selecting Yes enables Trust Protection Foundation to turn on daily TLS validation of this certificate. The Port is the network port that Trust Protection Foundation uses to connect to the target device hosting the certificate when making the TLS connection.
  - Use certificate's Common Name - Validation scans include network addresses resolved from the common name of the certificate.
  - Use Certificate DNS Subject Alternative Names - Validation scans include network addresses resolved from the DNS Subject Alternative Names (SANs) of the certificate, if any.
  - Validate the chain returned by the hosting server - The chain returned by the hosting server is compared to the chain that Trust Protection Foundation builds using its internal algorithm, to ensure that the two match. By default, chain validation is enabled and affects the SSL/TLS validation result.
- You can define other network addresses and ports by creating a device and Basic application object.
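
The validation settings above decide which host names a scan connects to and whether the served chain is checked. As an added example (not product code, and not a description of how Trust Protection Foundation is implemented), this Python sketch derives scan targets from a certificate's Common Name and DNS SANs and compares a served chain with an expected one by SHA-256 fingerprint. The function names, the rule that skips wildcard names, and the sample certificate are assumptions of the example.

```python
import hashlib
import socket
import ssl

# Constructed sample in the dict form returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "app.example.com"),),),
    "subjectAltName": (("DNS", "app.example.com"), ("DNS", "api.example.com"),
                       ("DNS", "*.example.com"), ("IP Address", "192.0.2.10")),
}

def validation_targets(cert, port=443, use_cn=True, use_sans=True):
    """Return the (host, port) pairs a scan would try, in order, without duplicates."""
    names = []
    if use_cn:
        names += [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if use_sans:
        names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    seen, targets = set(), []
    for name in names:
        host = name.lower().rstrip(".")
        # Assumption of this example: a wildcard name cannot be resolved, so skip it.
        if host.startswith("*.") or host in seen:
            continue
        seen.add(host)
        targets.append((host, port))
    return targets

def compare_chains(served, expected):
    """Compare two chains (DER bytes, leaf first); return (match, index of first difference)."""
    for i, (a, b) in enumerate(zip(served, expected)):
        if hashlib.sha256(a).digest() != hashlib.sha256(b).digest():
            return False, i
    if len(served) != len(expected):
        return False, min(len(served), len(expected))
    return True, None

def fetch_leaf_der(host, port, timeout=5.0):
    """Live step: return the DER leaf certificate served at host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspect the certificate even if it is expired or untrusted
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    for target in validation_targets(SAMPLE_CERT, port=8443):
        print(target)
```

`fetch_leaf_der` needs network access and is not called when the script runs; use it against each target to obtain the served leaf certificate for comparison.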