To configure certificate policy settings:
1.
Click the System tab.
2.
Click Global Properties in the top navigation bar.
3.
Click X.509 Certificates in the side navigation bar. The System Certificate Policy window
will open.
4.
Enable/disable checkboxes or select values as indicated for each setting. Table 1.10 lists and
describes the settings.
Table 1.10: System Certificate Policy
Feature
Chain Building
Authority Info Access (AIA)
Max chain length
Chain Validation
Partial chains
Usage flags
Validity period
Verify signatures
Certificate Revocation Lists (CRL)
CRL checks
Distribution points
Reject on error
Secure Sockets Layer (SSL)
Name verification
Subject alternative names
Value when enabled
Permits the DSView 3 software to use the AIA certificate extension to
locate a certificate's issuer.
Maximum allowable number of certificates (inclusive) between the leaf
certificate and a trusted certificate. Valid range is 1-16.
Allows partial chains. (If disabled, partial chains will be considered
invalid, even if the chain contains a trusted certificate.)
A certificate may be used only for the reasons dictated in the
certificate. For example, a certificate must be flagged as CA
(Certificate Authority) to be considered a valid certificate issuer.
The current date and time on the server must be within the window on
each certificate in the chain.
The signatures within the certificate chain are checked for validity.
If CRLs are available, they are checked to determine a certificate's
revocation status.
CRLs may be located using the distribution point certificate extension.
The DSView 3 software will reject a certificate chain if a CRL is
specified (either in the certificate or the DSView 3 trust store) and it
cannot be read or is invalid.
Outbound SSL connections will verify server names.
The server names may match the certificate common name or one of
the subject alternative names.
Chapter 1: Product Overview
27