
Certificate validation checks on Email Prevent


Article ID: 222787


Updated On:


Data Loss Prevention


DLP's behavior with certificate validation checks on Email Prevent servers


Release : 15.7

Component : Default-Sym


By default, DLP validates the downstream MTA's certificate. It does not perform certificate validation checks on the certificates of the Email Prevent server itself; the upstream MTA should be doing those checks. At present, DLP has no mechanism to monitor expired or about-to-expire certificates.
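
Because DLP does not watch certificate lifetimes, an external check can cover that gap. The script below is an added example, not part of the original article or of the DLP product; the host name, port 10025, the `ca.pem` file and the 30-day warning window are assumptions.

```python
import smtplib
import ssl
from datetime import datetime, timedelta, timezone

WARN_DAYS = 30  # assumption: alert this many days before expiry


def classify(not_after, now, warn_days=WARN_DAYS):
    """Classify a notAfter string in the format ssl.getpeercert() returns."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    if expires <= now:
        return "EXPIRED", expires
    if expires - now <= timedelta(days=warn_days):
        return "EXPIRING", expires
    return "OK", expires


def check_smtp_cert(host, port, cafile=None, now=None):
    """Read the certificate a server offers after STARTTLS and classify it."""
    now = now or datetime.now(timezone.utc)
    # cafile: PEM of the issuing CA (or the self-signed certificate itself).
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # only the validity period matters here
    smtp = smtplib.SMTP(host, port, timeout=10)
    try:
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL verify code 10 is X509_V_ERR_CERT_HAS_EXPIRED.
        if exc.verify_code == 10:
            return "EXPIRED", None
        return "UNVERIFIED: " + exc.verify_message, None
    finally:
        smtp.close()
    return classify(cert["notAfter"], now)


if __name__ == "__main__":
    # Constructed sample values so the logic can be run offline.
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for sample in ("May 31 23:59:59 2024 GMT", "Jun 15 00:00:00 2024 GMT",
                   "Jun  1 00:00:00 2025 GMT"):
        print(sample, "->", classify(sample, fixed_now)[0])
    # Live use (hypothetical host and port):
    # print(check_smtp_cert("emailprevent.example.internal", 10025, cafile="ca.pem"))
```

Run on a schedule against each Email Prevent listener, any result other than `OK` is the signal to renew or investigate the certificate.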

Additional Information

If needed, the downstream verification check can be disabled with the setting "RequestProcessor.AllowUnAuthenticatedConnections", found in the Enforce console >> System >> Servers and detectors >> Overview >> [Detection Server] >> Server Settings >> RequestProcessor.AllowUnAuthenticatedConnections