Now that SSL support is on and stable, with Deny self-signed certificates and
Verify entire certificate chain enabled, enable the CVE with CRL checking enabled. The CRL check is an essential certificate verification check that rarely fails in error.
When you are satisfied with certificate verification using Deny self-signed certificates and
Verify entire certificate chain with the CRL check, you can start to enable additional verification options. Enable options one at a time and repeat the same testing procedures.
In addition to the verification options, SSL support includes an option for Verification Bypass (Configure > SSL > Validation > Verification Bypass). This feature is turned on by default and means that when certificate verification fails, a dialog box warns the user that a failure has occurred and gives the user the option to go to the site anyway.