Configure settings for certificate validation
Certificate validation settings allow you to define the settings that the Secure SD-WAN Engine uses when it connects to a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) server.
The Secure SD-WAN Engine validates certificates and checks the certificate revocation status for features that have certificate validation and certificate revocation checks enabled, such as features that use a TLS Profile in the configuration.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Click
Save
and Refresh to transfer the configuration changes.
Engine Editor > Advanced Settings > Certificate Validation
Use this branch to specify settings for certificate validation and revocation status checks on the engine. The settings are used for features that have certificate validation and certificate revocation checks enabled.
| Option | Definition |
|---|---|
| HTTP Proxy (Optional) |
When specified, OCSP and CRL lookups are sent through an HTTP proxy instead of the engine accessing the external network directly. |
| Timeout for OCSP and CRL Lookups | The maximum amount of time that the engine tries to connect to the CRL or OCSP server if the connection has failed. The default is 120 seconds. |
| Active destination server certificate probing | When selected, it enables the Secure SD-WAN Engine to fetch the server certificate over a separate TLS connection before establishing the original connection. |
| Server certificate cache timeout | The set value for this field determines how long the previously fetched certificates are to be retained. |