Scan encrypted traffic, 4 scan encrypted traffic – Secure Computing SSL Scanner User Manual

SSL Scanner

If the Common Name in a certificate is, e. g.

abcde.com

, but the Web

server’s URL is in fact

www.abcde.com

, no match is achieved.

•

Wildcard matches host name

Compares the wildcard used in a certificate to represent a Common Name
to the host name. So, e. g. the wildcard expression

*.ccc

.de matches

www.ccc.de

.

If a match is achieved, the configured action will be executed.

•

Certificate is expired for more than ... days

Checks if a certificate has expired. If more than the number of days config-
ured here have elapsed since expiration of the certificate, the configured
action will be executed. A grace period may allow the use of the certificate
even after it has expired.

Enter the desired number of days in the input field provided with this option.

•

Certificate is revoked

Checks if a certificate has been revoked. For this purpose, the Certificate
Revocation List (CRL) is used. If the certificate has been revoked, the
configured action will be executed.

•

Revocation status is unresolvable

The reason why the revocation status is unresolvable could be that the cor-
responding certificate authority or the path leading to the Certificate Revo-
cation List (CRL) is not known.

4.4

Scan Encrypted Traffic

The

Scan Encrypted Traffic

options are invoked by clicking on the corre-

sponding button under

SSL Scanner:

If you want to enable any of these options, make sure the checkbox on this
button is also marked. The checkbox is marked by default.

After modifying the setting of this checkbox, click on

Apply Changes

to make

the modification effective.

These are policy-dependent options, i. e. they are configured for a particular
policy. When you are configuring these options, you need to specify this policy.

4–8