Certificate validation checks on Email Prevent

Article ID: 222787

Products

Data Loss Prevention

Issue/Introduction

DLP's behavior with certificate validation checks on Email Prevent servers

Environment

Release : 15.7

Component : Default-Sym

Resolution

By default, DLP validates the downstream MTA's certificate. It does not perform certificate validation checks on the certificates installed on the Email Prevent server itself; the upstream MTA should be doing those checks. At present, DLP has no mechanism to monitor expired or soon-to-expire certificates.
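Because DLP itself does not report expired or soon-to-expire certificates, expiry has to be watched from outside the product. The following is an added example, not code from DLP or from this article: it fetches the certificate an SMTP listener presents after STARTTLS and classifies its expiry. The host, port, the 30-day warning window and the assumption that the listener offers STARTTLS are all illustrative.

```python
import smtplib, ssl, sys
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Read notAfter (UTC) from a DER-encoded X.509 certificate."""
    _, p, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)            # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                   # explicit [0] version, absent in v1 certs
        p = end
    for _ in range(3):                # skip serial, signature algorithm, issuer
        _, _, p = _tlv(der, p)
    _, p, _ = _tlv(der, p)            # enter Validity SEQUENCE
    _, _, p = _tlv(der, p)            # skip notBefore
    tag, start, end = _tlv(der, p)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                   # UTCTime: 2-digit year, RFC 5280 pivot at 50
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def classify(expiry, now=None, warn_days=30):
    """Return EXPIRED, EXPIRING (inside the warning window) or OK."""
    now = now or datetime.now(timezone.utc)
    if expiry <= now:
        return "EXPIRED"
    return "EXPIRING" if expiry - now < timedelta(days=warn_days) else "OK"

def fetch_smtp_cert(host, port):
    """Fetch the DER certificate an SMTP listener presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE   # inspection only, so an expired cert is still returned
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: script.py HOST PORT
    expiry = not_after(fetch_smtp_cert(sys.argv[1], int(sys.argv[2])))
    print(classify(expiry), expiry.isoformat())
```

Verification is switched off only for this inspection connection, since a validating handshake would fail on exactly the expired certificates the check is meant to find.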

Additional Information

If needed, the downstream verification check can be disabled with the setting "RequestProcessor.AllowUnAuthenticatedConnections", found in the Enforce console under System >> Servers and detectors >> Overview >> [Detection Server] >> Server Settings.