Validating a certificate's installation (onboard validation)

Onboard validation (called installation validation in Aperture) is a process by which Trust Protection Platform verifies that a certificate is properly installed, and that that certificate's settings comply with the settings configured on the certificate object in Trust Protection Platform.

Onboard validation determines if the Application object's configuration is correct and verifies that the correct certificate is installed on the server. If Trust Protection Platform can locate the certificate, it knows the Application object's certificate configuration is correct. Finally, when Trust Protection Platform retrieves the certificate serial number, it can determine if the correct certificate is installed.

NOTE  Onboard validation applies to application objects only.

Unless you disable it, onboard validation occurs each time a certificate is automatically renewed and installed. To learn how to disable onboard validation, see Disabling SSL/TLS validation .

 

Certificate installation verification

What it verifies
  • Application objects only

What it's looking for
  • Application object has correct configuration
  • Correct certificate is installed on the server

How it works
  • If Trust Protection Platform authenticates with the server, then it knows the Application object's credentials are correct.
  • If Trust Protection Platform locates the certificate, it knows that the Application object's certificate configuration is correct.

Onboard validation can be done using agentless connections, or by using the Trust Protection Platform Server Agent.

You can see the validation status on the certificate's details page.

The validation status is displayed on the certificate details screen in the Validation section.

This box contains the following information:

  • Timestamp. This indicates when the validation check was last performed. This may be updated either by daily tasks, or by kicking off a manual validation for a certificate via either the WebSDK or by clicking the ValidateNow option in the Actions button.
  • SSL/TLS. This shows either Success or Failure, if after reviewing all the validation details for SSL/TLS validation if everything is successful, the result will be Success. If anything fails with the End Entity or Chain validation, then the result will be Failure.
  • File/Installation. This checks the onboard/file/installation validation of all provisioning applications. If all are successful, then this will show Success. If any fail, then this will be shown as a Fail. If all provisioning applications are basic applications, then this will show No validation results.
  • State. The state is represented by the icon. This state shows the overall validation status of the certificate. If both SSL/TLS and File/Installation validation types are successful, this will show Success. If either SSL/TLS OR File/Installation validation types failed, this will show Fail.

To kick off an instant validation of both SSL/TLS and File/Installation validation, click the Validate Now option in the Actions button.

In the Policy Tree, the validation status is displayed on the Certificate Summary tab, in the Certificate Status panel.

This box contains the following information:

  • Last Check. This indicates when the validation check was last performed. This may be updated either by daily tasks, or by kicking off a manual validation for a certificate via either the WebSDK or by clicking the ValidateNow button.
  • SSL/TLS Result. This shows either Success or Failure, if after reviewing all the validation details for SSL/TLS validation if everything is successful, the result will be Success. If anything fails with the End Entity or Chain validation, then the result will be Failure.
  • File Result. This checks the onboard/file/installation validation of all provisioning applications. If all are successful, then this will show Success. If any fail, then this will be shown as a Fail. If all provisioning applications are basic applications, then this will be blank.
  • State. In Policy Tree, it is shown as the State field. This state shows the overall validation status of the certificate. If both SSL/TLS and File/Installation validation types are successful, this will show Success. If either SSL/TLS OR File/Installation validation types failed, this will show Fail.

To kick off an instant validation of both SSL/TLS and File/Installation validation, click the Validate Now button.