User guide
Managed appliance certificates
&HUWLILFDWHV DUH DOVR XVHG IRU DXWKHQWLFDWLQJ DQG DXWKRUL]LQJ PDQDJHG DSSOLDQFH VHVVLRQV ZKHQ D
PDQDJHG DSSOLDQFH LV DGGHG LQ VHFXUH PRGH 6HH $GGLQJ 8QLWV RQ SDJH
System certificate policy and trust store
'69LHZ VRIWZDUH DGPLQLVWUDWRUV PD\ FRQILJXUH WKH FHUWLILFDWH SROLF\ E\ HQDEOLQJGLVDEOLQJ
VHWWLQJV 7KH WUXVW VWRUH FRQWDLQV D OLVW RI DOO WUXVWHG FHUWLILFDWH DXWKRULWLHV NQRZQ WR WKH '69LHZ
VRIWZDUH <RX PD\ DGG UHPRYH RU PRGLI\ WKH ORFDWLRQ RI WUXVW VWRUH HQWULHV
To configure certificate policy settings:
&OLFN WKH 6\VWHP WDE
&OLFN *OREDO 3URSHUWLHV LQ WKH WRS QDYLJDWLRQ EDU
&OLFN ; &HUWLILFDWHV LQ WKH VLGH QDYLJDWLRQ EDU 7KH 6\VWHP &HUWLILFDWH 3ROLF\ ZLQGRZ
ZLOO RSHQ
(QDEOHGLVDEOH FKHFNER[HV RU VHOHFW YDOXHV DV LQGLFDWHG IRU HDFK VHWWLQJ
Table 4.3: System Certificate Policy
Feature Value when enabled
Chain Building
Authority Info Access (AIA)
Permits the DSView software to use the AIA certificate extension to
locate a certificate’sissuer.
Max chain length
Maximum allowable number of certificates (inclusive) between the leaf
certificate and a trusted certificate. Valid range is 1-16.
Chain Validation
Partial chains
Allows partial chains. (If disabled, partial chains will be considered
invalid, even if the chain contains a trusted certificate.
Usage flags
A certificate may be used onlyfor the r easonsdictated in the certificate.
For example, a certificate must be flagged as CA (Certificate Authority)
to be considered a valid certificate issuer.
Validity period
The current date and time on the server must be within the window on
each certificate in the chain.
Verifysignatures The signatures within the certificate chain are checked for validity.
54 '69LHZ ,QVWDOOHU8VHU *XLGH