Integrated SSL Scanning
Finjan proprietary and confidential
then it generates, on the fly, a new certificate, which includes the same
information as the original certificate. The Scanning Server signs the new
certificate with its own private key and sends it to the end-user.
2.2 Certificate Validation
Vital Security HTTPS ensures that corporate policies for certificates are
enforced, while removing the decision from the end-user’s hands by
automatically validating each certificate and making sure that the chain
goes back to the trusted authority. Policies regarding certificates are
enforced by checking individual certificate names, expiry dates, trusted
authority chains and revocation lists.
A list of trusted certificate authorities is supplied with the system and used
for digital signature analysis and for HTTPS certificate validation. Digital
certificate lists are updated via Finjan security updates. These lists include
the required trusted certificate authorities as well as the Certificate
Revocation Lists (CRLs).
Certificate validation depends on the action selected for the policy type
(Bypass / Inspect Content / User Approval). When Bypass is selected, the
original server certificate is obtained and the system does not perform
certificate validation (i.e. no security or HTTPS validation is carried out
on the traffic). If Inspect Content or User Approval is selected, the server
certificates are analyzed and replaced by a certificate containing the same
mismatches as the original one. The resulting mismatches are compared
against the SSL certificate conditions.
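The following sketch is an added example, not Finjan's code. It models the flow described above: Bypass skips validation, while the other actions collect name, expiry, trust and revocation mismatches and compare them with a validation profile. The event names, the block/allow outcome and the simplified `Cert` record are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Cert:  # simplified stand-in for a parsed X.509 certificate (assumption)
    names: list            # subject / subjectAltName DNS names
    not_before: datetime
    not_after: datetime
    issuer: str
    serial: int

def name_matches(pattern, host):
    """Exact match, or one wildcard in the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def mismatches(cert, host, now, trusted, revoked):
    """Collect certificate error events; the event names are hypothetical."""
    found = set()
    if not any(name_matches(n, host) for n in cert.names):
        found.add("name_mismatch")
    if now < cert.not_before:
        found.add("not_yet_valid")
    if now > cert.not_after:
        found.add("expired")
    # A real chain check verifies every signature up to a trusted root;
    # here the chain is reduced to "is the issuer in the trusted list".
    if cert.issuer not in trusted:
        found.add("untrusted_issuer")
    if (cert.issuer, cert.serial) in revoked:  # CRL lookup by issuer + serial
        found.add("revoked")
    return found

def decide(action, cert, host, now, trusted, revoked, profile):
    """Bypass skips validation; otherwise compare mismatches with the profile."""
    if action == "Bypass":
        return "pass-through", set()
    found = mismatches(cert, host, now, trusted, revoked)
    return ("block" if found & profile else "allow"), found

# Constructed sample data, not taken from the product
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
TRUSTED = {"Example Root CA"}
REVOKED = {("Example Root CA", 4096)}
PROFILE = {"name_mismatch", "not_yet_valid", "expired", "untrusted_issuer", "revoked"}
EXPIRED = Cert(["*.example.test"], datetime(2022, 1, 1, tzinfo=UTC),
               datetime(2023, 1, 1, tzinfo=UTC), "Example Root CA", 7)
```

Duplicating the default profile and adjusting it corresponds here to passing a smaller `profile` set, so that only the listed events affect the outcome.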
To view the certificate validation rules, navigate in the Management
Console to Policies → Condition Settings → HTTPS Certificate Validation →
Default Certificate Validation Profile.
You can also duplicate the default profile and adjust it to your
organization’s needs.
The Default Certificate Validation Profile comprises the certificate error
events.