Configure settings for certificate validation
Certificate validation settings allow you to define the settings that the NGFW Engine uses when it connects to a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) server.
The NGFW Engine validates certificates and checks the certificate revocation status for features that have certificate validation and certificate revocation checks enabled, such as features that use a TLS Profile in the configuration.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor – Advanced Settings – Certificate Validation
Use this branch to specify settings for certificate validation and revocation status checks on the engine. The settings are used for features that have certificate validation and certificate revocation checks enabled.
Option | Definition |
---|---|
HTTP Proxy (Optional) |
When specified, OCSP and CRL lookups are sent through an HTTP proxy instead of the engine accessing the external network directly. |
Timeout for OCSP and CRL Lookups | The maximum amount of time that the engine tries to connect to the CRL or OCSP server if the connection has failed. The default is 120 seconds. |