48DSView 3 Software Installer/User Guide

4.Enable/disable checkboxes or select values as indicated for each setting.

Table 4.3: System Certificate Policy

Feature

Value when enabled

 

 

Chain Building

 

 

 

Authority Info Access (AIA)

Permits the DSView 3 software to use the AIA certificate extension to

locate a certificate’s issuer.

 

 

 

Max chain length

Maximum allowable number of certificates (inclusive) between the leaf

certificate and a trusted certificate. Valid range is 1-16.

 

 

 

Chain Validation

 

 

 

Partial chains

Allows partial chains. (If disabled, partial chains will be considered

invalid, even if the chain contains a trusted certificate.)

 

 

 

 

A certificate may be used only for the reasons dictated in the

Usage flags

certificate. For example, a certificate must be flagged as CA

 

(Certificate Authority) to be considered a valid certificate issuer.

 

 

Validity period

The current date and time on the server must be within the window on

each certificate in the chain.

 

 

 

Verify signatures

The signatures within the certificate chain are checked for validity.

 

 

Certificate Revocation Lists (CRL)

 

 

 

CRL checks

If CRLs are available, they are checked to determine a certificate’s

revocation status.

 

 

 

Distribution points

CRLs may be located using the distribution point certificate extension.

 

 

 

The DSView 3 software will reject a certificate chain if a CRL is

Reject on error

specified (either in the certificate or the DSView 3 trust store) and it

 

cannot be read or is invalid.

 

 

Secure Sockets Layer (SSL)

 

 

 

Name verification

Outbound SSL connections will verify server names.

 

 

Subject alternative names

The server names may match the certificate common name or one of

the subject alternative names.

 

 

 

User Certificates

 

 

 

Verify using trust store

User certificates presented to the DSView 3 software are verified using

the System Trust Store.

 

 

 

5.Click Save.

Page 68
Image 68
Avocent SPC420 manual Chain Validation, Certificate Revocation Lists CRL, Secure Sockets Layer SSL, User Certificates