SSL Scanner
Using this section, you can configure actions for content with certificates issued
by known Certificate Authorities (CAs) that are either trusted or untrusted, as
well as for unknown Certificate Authorities.
A vendor, having signed content by issuing a certificate, may request a CA to
issue a certificate to sign this vendor certificate. This CA may itself have been
signed by another CA, issuing certificates on a higher level. Together, these
certificates form a certificate chain, which is inspected in a verification process.
The CA that signed a certificate located on a lower level of the certificate chain
is also called the root CA.
The verification process begins by checking the CA that immediately signed
the vendor certificate. It may be known, i.e., be included in the list of known
CAs. If the CA is unknown, the verification process checks the CA on the
next level and goes on to do so, until a known CA is found, or all CAs in the
certificate chain have proven to be unknown. Usually, there are no more than
three levels to a certificate chain.
The first known CA to be found in the verification process is then checked as
to whether it is trusted or untrusted. To be trusted, a CA must be included in
the list of trusted CAs.
The list of trusted CAs is configured in the Trusted Certificate Authorities
section, which is also provided on this tab.
To edit the list of known CAs, use the Known Certificate Authorities link,
which is located at the top of this tab, to go to the tab provided for this purpose.
When configuring actions for trusted CAs, remember that you have to select
actions that include a Log Incident part, e.g., Block & Log Incident, if you
want to have incidents related to these CAs listed by the incident manager.
After specifying the appropriate settings here, click on Apply Changes to
make them effective.
Use the drop-down lists provided here to configure actions for the following
situations:
• First known CA is trusted
  Select an action here that should be taken if the first known CA is trusted.
• First known CA is untrusted
  Select an action here that should be taken if the first known CA is untrusted.
• Only unknown CAs found
  Select an action here that should be taken if only unknown CAs have been
  found.
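The verification walk and the three situations above can be modelled as follows. This is an added example, not code from the product or its guide; the CA names, the function names and the "Allow" action label are constructed placeholders, and only "Block & Log Incident" is an action name taken from this page.

```python
from enum import Enum


class Situation(Enum):
    FIRST_KNOWN_TRUSTED = "First known CA is trusted"
    FIRST_KNOWN_UNTRUSTED = "First known CA is untrusted"
    ONLY_UNKNOWN = "Only unknown CAs found"


def classify_chain(issuers, known_cas, trusted_cas):
    """Walk the chain upward from the CA that signed the vendor certificate.

    issuers: CA names, lowest level first. Returns (Situation, deciding CA).
    """
    for ca in issuers:
        if ca not in known_cas:
            continue  # unknown CA: move on to the next level
        # The first known CA decides; higher levels are not consulted.
        if ca in trusted_cas:
            return Situation.FIRST_KNOWN_TRUSTED, ca
        return Situation.FIRST_KNOWN_UNTRUSTED, ca
    return Situation.ONLY_UNKNOWN, None


def decide(issuers, known_cas, trusted_cas, actions):
    situation, ca = classify_chain(issuers, known_cas, trusted_cas)
    action = actions[situation]
    return {
        "situation": situation,
        "deciding_ca": ca,
        "action": action,
        # Only actions with a "Log Incident" part reach the incident manager.
        "incident_listed": "Log Incident" in action,
    }


# Constructed sample data (not taken from any product CA list).
KNOWN = {"Example Intermediate CA", "Example Root CA", "Example Corp CA"}
TRUSTED = {"Example Root CA", "Example Corp CA"}
ACTIONS = {
    Situation.FIRST_KNOWN_TRUSTED: "Allow",  # placeholder action name
    Situation.FIRST_KNOWN_UNTRUSTED: "Block & Log Incident",
    Situation.ONLY_UNKNOWN: "Block & Log Incident",
}

if __name__ == "__main__":
    chain = ["Example Issuing CA", "Example Intermediate CA", "Example Root CA"]
    print(decide(chain, KNOWN, TRUSTED, ACTIONS))
```

In the sample chain the intermediate CA is known but not trusted, so the chain is handled as "First known CA is untrusted" even though a trusted CA sits one level higher.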
From: User's Guide, Webwasher SSL Scanner, Version 6.5, www.securecomputing.com