Server Certificate Validation

HTTP > HTTPS Decryption> Settings | Server Certificate Validation

This screen allows you to enable options to verify server certificates from remote servers and automates certificate tests such as querying certificate revocation lists and establishing certificate validity.

• Notes:
  1. If you disable certificate validation, clients can access any HTTPS Web site without checking server certificates.
  2. If a certificate does not pass a certificate validation test, clients can still choose to access a Web site through an HTTPS connection. A warning screen displays on the client's browser.

• Enable the Certificate Verification—Select this option to check certificates from remote servers.

• Deny Certificates where the CommonName does not match the URL—Select this option to deny a certificate if the CommonName does match the accessed URL. IWSVA treats the certificate as invalid.

• Allow Wildcard-Certificates—Select this option to allow and verify certificates whose CommonName is represented by a wildcard. Disable this option to deny any certificate with a CommonName expressed using wildcards.

• Deny expired or wrong purpose certificates—Select this option to deny certificates that are expired or certificates that cannot be used for their intended purpose.

• Verify entire certificate chain—Select this option to ensure that a given certificate chain (from the supplied certificate to the Certificate Authority's certificate) is valid and trustworthy.

• Certificate Revocation check by CRL—Select this option to check whether a certificate is revoked (becomes invalid) by looking up the Certificate Revocation List (CRL).