CVE configurations

Before you begin

This section describes a phased approach to deploying certificate verification. In addition to the production environment, it is recommended that Content Gateway be installed in a controlled test environment where each phase of the configuration can be tested and monitored, and where problems can be remediated and retested. When the test environment is functioning as desired, the configuration can be rolled out to the production environment with continued monitoring and testing. The starting point assumes that Content Gateway is stable and SSL support is off.

The phases of SSL and CVE deployment include:

Steps

  1. Enabling SSL support.
    This automatically enables the options for the certificate verification engine (CVE), verification of the entire certificate chain, and denial of self-signed certificates.
  2. Adding CVE checks to the configuration as needed.
    The entire certificate chain is validated for each CVE check enabled.