| Field | Description |
|---|---|
| Object Name | Name of the policy. The name can contain a maximum of 32 characters. |
| Server Certificate Checks | |
| Expired Certificate | Defines what the policy should do if the server certificate has expired. The options are: Drop (drop traffic), Decrypt (decrypt traffic). |
| Untrusted Certificate | Defines what the policy should do if the server certificate is not trusted. The options are: Drop (drop traffic), Decrypt (decrypt traffic). |
| Certificate Revocation Status | Defines whether the Online Certificate Status Protocol (OCSP) should be used to check the revocation status of the server certificate. The options are Enabled or Disabled. |
| Unknown Revocation Status | Defines what the policy does if the OCSP revocation status is unknown. The options are: Drop (drop traffic), Decrypt (decrypt traffic). |
| Unsupported Mode Checks | |
| Unsupported Protocol Versions | Defines the unsupported protocol versions. |
| Unsupported Cipher Suites | Defines the unsupported cipher suites. |
| Failure Mode | Defines the failure mode. The options are close and open. |
| Certificate Bundle | Check the Use default CA certificate bundle checkbox to use the default CA. |
| Minimum TLS Version | Sets the minimum version of TLS that the proxy should support. The options are: TLS 1.0, TLS 1.1, TLS 1.2. |
| Proxy Certificate Attributes | |
| RSA Keypair Modules | Defines the RSA key modulus of the proxy certificate. The options are: 1024 bit RSA, 2048 bit RSA, 4096 bit RSA. |
| EC Key Type | Defines the key type. The options are: P256, P384, P521. |
| Certificate Lifetime (in Days) | Sets the lifetime of the proxy certificate, in days. |