Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway SSL Certificate Verification > SSL support and the Certificate Verification Engine (CVE)
SSL support and the Certificate Verification Engine (CVE)
SSL and TLS are the standard protocols used by HTTPS to establish secure connections and transmit secure data on the Internet.
A primary feature of SSL/TLS is the connection handshake. At the onset of establishing an HTTPS connection, the certificate verification process verifies that the Certificate Authority (CA) certificates offered by the origin servers are legitimate and meet the configured set of verification conditions. See Common verification checks.
When the handshake is successful, a secure connection is established and encrypted content is passed.
To configure the CVE in the Content Gateway manager, go to Configure > SSL > Validation > General.
 
* 
Important
Acquiring a complete understanding of the behavior of each option is the best way to achieve your certificate verification objectives.
For more information on CVE options, see Validating certificates.
Common verification checks
Common verification checks include:
1.
The certificate must be issued by a trusted Certificate Authority (CA).
2.
The fully qualified hostname in the HTTPS request URL and the certificate owner ("Issued to" name) must match.
3.
The certificate must be current (within its "Valid from...to..." date range).
4.
The certificate must not be on a revocation list (either CRL or OCSP).
5.
Checks 1-4 are recursively applied to every certificate in the trust chain.
6.
The certificate is not self-signed.
 
* 
Note 
In the above list, quoted field names (" ") are those used by Internet Explorer.
Below is a certificate as it appears in Internet Explorer 11. The numbers in red correspond to checks in the preceding list.
 
 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway SSL Certificate Verification > SSL support and the Certificate Verification Engine (CVE)
Copyright 2022 Forcepoint. All rights reserved.