Applies To:
Trust Protection Platform 15.3
Symptom:
The Validation section on the Summary tab shows "Failure".
The Validation tab shows "No Chain" under the Chain Results column.
Resolution:
Chain validation is now factored into the overall validation result by default. "No Chain" means the server hosting the certificate did not return any chain, so any client of that server would need to explicitly trust either the end-entity certificate or its issuer. This is generally considered a server misconfiguration. If that misconfiguration is deemed acceptable, you can turn off chain validation for that particular certificate. I expect quite a few certificates on servers will be identified as being misconfigured. If you don't want chain validation, you can also disable it by policy using Aperture.
To Turn Off Chain Validation for a Certificate:
- After logging into Aperture, click on Inventory > Certificates.
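Before turning the check off, you can confirm independently what the server actually sends. The following is an added example, not part of the original article or the product: it counts the entries in the "Certificate chain" section of openssl s_client output. The function names, the constructed sample output and the reading of "No Chain" as "only the end-entity certificate was sent" are assumptions.

```shell
# Added example. Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null 2>/dev/null | classify_chain
# Count entries in the "Certificate chain" section of s_client output on stdin.
count_sent_certs() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && $0 == "---"    { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { n++ }
        END                        { print n + 0 }
    '
}

# Assumption: "No Chain" means only the end-entity certificate was sent.
classify_chain() {
    n=$(count_sent_certs)
    case "$n" in
        0) echo "no-certificate" ;;
        1) echo "no-chain" ;;
        *) echo "chain-returned:$((n - 1))" ;;
    esac
}

# Constructed sample: server sends the end-entity certificate only.
sample_leaf_only() {
    cat <<'EOF'
---
Certificate chain
 0 s:CN = app.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
EOF
}

# Constructed sample: end-entity plus one intermediate (PEM bodies omitted).
sample_with_intermediate() {
    cat <<'EOF'
---
Certificate chain
 0 s:CN = app.example.test
   i:CN = Example Issuing CA
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
---
EOF
}
sample_leaf_only | classify_chain; sample_with_intermediate | classify_chain
```

A result of no-chain from a live server matches the symptom above: the fix on the server side is to configure it to send its intermediate certificates along with the end-entity certificate.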
- Find the certificate in question.
- On the left-hand side, select SSL/TLS > Validation Settings (Top Right Corner).
- Uncheck "Validate the chain returned by the hosting server".
- Click Save.
To Turn Off Chain Validation for a Policy:
- After logging into Aperture, click on Configuration > Folders.
- Select the folder for which you would like to disable chain validation.
- Scroll down to "Validation Settings" and uncheck "Validate the chain returned by the hosting server".
- Click Save.