
Table 4.3: system certificate policy – Avocent Network Device SPC420 User Manual


48 DSView 3 Software Installer/User Guide

4. Enable/disable checkboxes or select values as indicated for each setting.

5. Click Save.

Table 4.3: System Certificate Policy

| Feature | Value when enabled |
|---|---|
| Chain Building | |
| Authority Info Access (AIA) | Permits the DSView 3 software to use the AIA certificate extension to locate a certificate’s issuer. |
| Max chain length | Maximum allowable number of certificates (inclusive) between the leaf certificate and a trusted certificate. Valid range is 1-16. |
| Chain Validation | |
| Partial chains | Allows partial chains. (If disabled, partial chains will be considered invalid, even if the chain contains a trusted certificate.) |
| Usage flags | A certificate may be used only for the reasons dictated in the certificate. For example, a certificate must be flagged as CA (Certificate Authority) to be considered a valid certificate issuer. |
| Validity period | The current date and time on the server must be within the window on each certificate in the chain. |
| Verify signatures | The signatures within the certificate chain are checked for validity. |
| Certificate Revocation Lists (CRL) | |
| CRL checks | If CRLs are available, they are checked to determine a certificate’s revocation status. |
| Distribution points | CRLs may be located using the distribution point certificate extension. |
| Reject on error | The DSView 3 software will reject a certificate chain if a CRL is specified (either in the certificate or the DSView 3 trust store) and it cannot be read or is invalid. |
| Secure Sockets Layer (SSL) | |
| Name verification | Outbound SSL connections will verify server names. |
| Subject alternative names | The server names may match the certificate common name or one of the subject alternative names. |
| User Certificates | |
| Verify using trust store | User certificates presented to the DSView 3 software are verified using the System Trust Store. |
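The following added example (not DSView 3 code and not from the manual) models how the Max chain length, Partial chains, Usage flags and Validity period settings in Table 4.3 interact when a chain is walked from leaf to trust anchor. The certificate records, names and the exact counting and anchoring rules are assumptions made for illustration; signature and CRL checks are left out.

```python
from datetime import datetime, timezone

def cert(subject, issuer, is_ca, nb="2024-01-01", na="2026-01-01"):
    """Build a constructed certificate record (a dict, not real X.509)."""
    parse = lambda s: datetime.fromisoformat(s).replace(tzinfo=timezone.utc)
    return {"subject": subject, "issuer": issuer, "is_ca": is_ca,
            "not_before": parse(nb), "not_after": parse(na)}

# Constructed sample hierarchy: root -> issuing CA -> leaf.
ROOT = cert("Example Root", "Example Root", True)
INTER = cert("Example Issuing CA", "Example Root", True)
LEAF = cert("appliance.example.test", "Example Issuing CA", False)
BY_SUBJECT = {c["subject"]: c for c in (ROOT, INTER, LEAF)}

def validate(leaf, trusted, now, max_chain_length=16, partial_chains=False,
             usage_flags=True, validity_period=True):
    """Walk issuer links from the leaf; return (ok, reason).

    trusted is a set of trusted subject names. Assumed semantics: the chain
    length counts the leaf and the anchor, and a trusted certificate that is
    not self-signed only anchors the chain when partial chains are allowed.
    """
    chain, current = [leaf], leaf
    while True:
        if validity_period and not (current["not_before"] <= now <= current["not_after"]):
            return False, f"{current['subject']}: outside validity period"
        # Every certificate above the leaf acts as an issuer, so it needs the CA flag.
        if usage_flags and current is not leaf and not current["is_ca"]:
            return False, f"{current['subject']}: not flagged as CA"
        self_signed = current["subject"] == current["issuer"]
        if current["subject"] in trusted and (self_signed or partial_chains):
            return True, f"anchored at {current['subject']} ({len(chain)} certificates)"
        if self_signed:
            return False, "chain ends at an untrusted root"
        issuer = BY_SUBJECT.get(current["issuer"])
        if issuer is None:
            return False, f"issuer of {current['subject']} not found"
        chain.append(issuer)
        if len(chain) > max_chain_length:
            return False, "max chain length exceeded"
        current = issuer

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(validate(LEAF, {"Example Root"}, now))
    print(validate(LEAF, {"Example Issuing CA"}, now))
    print(validate(LEAF, {"Example Issuing CA"}, now, partial_chains=True))
```

With only the issuing CA trusted, the chain is rejected until partial chains are allowed, which matches the table's note that a partial chain is invalid even when it contains a trusted certificate.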