Avocent DSView 3 4. Enable/disable checkboxes or select values as indicated for each setting., 5. Click Save.

4. Enable/disable checkboxes or select values as indicated for each setting.5. Click Save.

Table 4.3: System Certificate Policy

Feature Value when enabled

Chain Building

Authority Info Access (AIA) Permits the DSView 3 software to use the AIA certificate extension to

locate a certificate’s issuer.

Max chain length Maximum allowable number of certificates (inclusive) between the leaf

certificate and a trusted certificate. Valid range is 1-16.

Chain Validation

Partial chains Allows partial chains. (If disabled, partial chains will be considered

invalid, even if the chain contains a trusted certificate.)

Usage flags A certificate may be used only for the reasons dictated in the

certificate. For example, a certificate must be flagged as CA

(Certificate Authority) to be considered a valid certificate issuer.

Validity period The current date and time on the server must be within the window on

each certificate in the chain.

Verify signatures The signatures within the certificate chain are checked for validity.

Certificate Revocation Lists (CRL)

CRL checks If CRLs are available, they are checked to determine a certificate’s

revocation status.

Distribution points CRLs may be located using the distribution point certificate extension.

Reject on error The DSView 3 software will reject a certificate chain if a CRL is

specified (either in the certificate or the DSView 3 trust store) and it

cannot be read or is invalid.

Secure Sockets Layer (SSL)

Name verification Outbound SSL connections will verify server names.

Subject alternative names The server names may match the certificate common name or one of

the subject alternative names.

User Certificates

Verify using trust store User certificates presented to the DSView 3 software are verified using

the System Trust Store.