Secure Computing SSL Scanner User Manual


SSL Scanner

Using this section, you can configure actions for content with certificates issued
by known Certificate Authorities (CAs) that are either trusted or untrusted, as
well as for unknown Certificate Authorities.

A vendor that has signed content by issuing a certificate may request a CA to
issue a certificate that signs this vendor certificate. This CA may itself have
been signed by another CA, which issues certificates on a higher level. Together,
these certificates form a certificate chain, which is inspected in a verification process.
The CA that signed a certificate located on a lower level of the certificate chain
is also called the root CA.

The verification process begins by checking the CA that immediately signed
the vendor certificate. It may be known, i.e., be included in the list of known
CAs. If the CA is unknown, the verification process checks the CA on the
next level and continues in this way until a known CA is found or all CAs in the
certificate chain have proven to be unknown. Usually, there are no more than
three levels to a certificate chain.

The first known CA to be found in the verification process is then checked as
to whether it is trusted or untrusted. To be trusted, a CA must be included in
the list of trusted CAs.

The list of trusted CAs is configured in the Trusted Certificate Authorities
section, which is also provided on this tab.

To edit the list of known CAs, use the Known Certificate Authorities link,
which is located at the top of this tab, to go to the tab provided for this purpose.

When configuring actions for trusted CAs, remember that you have to select
actions that include a Log Incident part, e.g., Block & Log Incident, if you
want to have incidents related to these CAs listed by the incident manager.

After specifying the appropriate settings here, click on Apply Changes to
make them effective.

Use the drop-down lists provided here to configure actions for the following
situations:

First known CA is trusted

Select an action here that should be taken if the first known CA is trusted.

First known CA is untrusted

Select an action here that should be taken if the first known CA is untrusted.

Only unknown CAs found

Select an action here that should be taken if only unknown CAs have been
found.
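
The decision procedure described above, modelled as an added example (not code from the product or this manual). The CA names, the "Allow" action and the function names are constructed for illustration; only "Block & Log Incident" and the three situation labels come from this page.

```python
from enum import Enum

class Situation(Enum):
    TRUSTED = "First known CA is trusted"
    UNTRUSTED = "First known CA is untrusted"
    UNKNOWN = "Only unknown CAs found"

def classify_chain(issuers, known_cas, trusted_cas):
    """Walk the chain from the CA that signed the vendor certificate upward.

    Returns (situation, deciding_ca). The walk stops at the first known CA;
    CAs above it are never consulted.
    """
    for ca in issuers:
        if ca in known_cas:
            if ca in trusted_cas:
                return Situation.TRUSTED, ca
            return Situation.UNTRUSTED, ca
    return Situation.UNKNOWN, None

def decide(issuers, known_cas, trusted_cas, actions):
    """Map the situation to its configured action and report whether the
    incident manager would list it (action has a 'Log Incident' part)."""
    situation, ca = classify_chain(issuers, known_cas, trusted_cas)
    action = actions[situation]
    return {"situation": situation, "deciding_ca": ca,
            "action": action, "logged": "Log Incident" in action}

# Constructed sample data: CA names and the "Allow" action are placeholders.
KNOWN = {"Example Issuing CA", "Example Policy CA", "Example Root CA"}
TRUSTED = {"Example Policy CA", "Example Root CA"}
ACTIONS = {
    Situation.TRUSTED: "Allow",
    Situation.UNTRUSTED: "Block & Log Incident",
    Situation.UNKNOWN: "Block & Log Incident",
}

if __name__ == "__main__":
    chains = [
        ["Example Policy CA", "Example Root CA"],
        ["Example Issuing CA", "Example Root CA"],   # untrusted CA below a trusted root
        ["Unlisted CA", "Example Policy CA"],        # unknown CA is skipped
        ["Unlisted CA", "Another Unlisted CA"],
    ]
    for chain in chains:
        print(chain, "->", decide(chain, KNOWN, TRUSTED, ACTIONS))
```

With these constructed lists, the chain whose immediate signer is known but untrusted is reported as untrusted even though a trusted CA sits above it, because checking stops at the first known CA. The trusted case is configured with an action that has no Log Incident part, so it would not appear in the incident manager.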
