Configuring validation for certificates
You can configure certificate validation in TLS Protect. As part of validation, you need to specify the certificate's validation settings so that Trust Protection Platform can locate the certificate and verify that it's installed correctly.
IMPORTANT: You must have View and Write permissions to the application.
To configure certificate validation
- From the TLS Protect menu bar, click Inventory > Certificates.
- Find the certificate that you want to configure, and then click the certificate's name.
- In the sidebar, click SSL/TLS.
- Click Certificate Settings.
- Edit the Certificate SSL/TLS Validation Settings as needed.
What each setting means
- Validate SSL/TLS connections for this certificate? Select Yes or No. Selecting Yes enables daily TLS validation of this certificate by Trust Protection Platform. The Port is the network port that Trust Protection Platform uses to connect to the target device hosting the certificate when making the TLS connection.
- Use certificate's Common Name - Validation scans include network addresses resolved from the common name of the certificate.
- Use Certificate DNS Subject Alternative Names - Validation scans include network addresses resolved from the DNS Subject Alternative Names (SANs) of the certificate, if any.
- Validate the chain returned by the hosting server - The chain returned by the hosting server is compared to the chain that Trust Protection Platform builds using its internal algorithm to ensure a match. By default, chain validation is enabled and affects the SSL/TLS validation result.
- You can define other network addresses and ports by creating a device and Basic application object.
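To spot-check these settings independently, the following added example (not Venafi code, and not a description of Trust Protection Platform's internal algorithm) derives scan names from a certificate's Common Name and DNS SANs and compares a served chain with an expected one by SHA-256 fingerprint. The function names, the sample certificate and the choice to skip wildcard names are assumptions of this example.

```python
import hashlib
import socket
import ssl

# Constructed sample, shaped like the dict returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "www.example.com"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "api.example.com"),
                       ("DNS", "*.example.com"), ("IP Address", "192.0.2.10")),
}

def scan_names(cert, use_cn=True, use_dns_sans=True):
    """Hostnames to resolve and scan, mirroring the CN and DNS SAN toggles."""
    names = []
    if use_cn:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    if use_dns_sans:
        names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    result = []
    for name in (n.lower() for n in names):
        # Assumption of this example: wildcard names cannot be resolved, so
        # they are skipped; duplicates (CN repeated as a SAN) are dropped.
        if not name.startswith("*.") and name not in result:
            result.append(name)
    return result

def fingerprints(chain_der):
    """SHA-256 fingerprint of each DER-encoded certificate, in chain order."""
    return [hashlib.sha256(der).hexdigest() for der in chain_der]

def chain_matches(served_der, expected_der):
    """True only if both chains hold the same certificates in the same order."""
    return fingerprints(served_der) == fingerprints(expected_der)

def served_leaf(host, port=443, timeout=5.0):
    """Fetch the DER leaf certificate that host:port presents (needs network)."""
    ctx = ssl.create_default_context()
    # Trust verification is off on purpose: the point is to inspect whatever
    # is installed, including expired or untrusted certificates, and then
    # compare its fingerprint with the certificate held in inventory.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

A missing or reordered intermediate makes `chain_matches` return False even when the leaf certificate itself is the expected one.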