SDWAN TLS/SSL Decryption Policy
A TLS/SSL Decryption object is a configuration that enables administrators to inspect and manage encrypted traffic passing through the network.
Note: Before creating a TLS/SSL Decryption object in Security Cloud Control, you need to configure a certificate authority (CA) from Catalyst SD-WAN Manager under .

| Field | Description |
|---|---|
| Object Name | Name of the policy. The name can contain a maximum of 32 characters. |
| Server Certificate Checks | |
| Expired Certificate | Defines what the policy should do if the server certificate has expired. The options are: |
| Untrusted Certificate | Defines what the policy should do if the server certificate is not trusted. The options are: |
| Certificate Revocation Status | Defines whether the Online Certificate Status Protocol (OCSP) should be used to check the revocation status of the server certificate. The options are Enabled or Disabled. |
| Unknown Revocation Status | Defines what the policy does if the OCSP revocation status is unknown. |
| Unsupported Mode Checks | |
| Unsupported Protocol Versions | Defines the unsupported protocol versions. |
| Unsupported Cipher Suites | Defines the unsupported cipher suites. |
| Failure Mode | Defines the failure mode. The options are close and open. |
| Certificate Bundle | Check the Use default CA certificate bundle checkbox to use the default CA. |
| Minimum TLS Version | Sets the minimum version of TLS that the proxy should support. The options are: TLS 1.0, TLS 1.1, TLS 1.2 |
| Proxy Certificate Attributes | |
| RSA Keypair Modules | Defines the Proxy Certificate RSA Key modules. The options are: 1024 bit RSA, 2048 bit RSA, 4096 bit RSA |
| EC Key Type | Defines the key type. The options are: P256, P384, P521 |
| Certificate Lifetime (in Days) | Sets the lifetime of the proxy certificate, in days. |
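
The following is an added example, not Cisco code and not a Security Cloud Control or SD-WAN Manager API: a review of the values chosen for the fields above before the object is created, checking them against the documented options and flagging the ones that weaken the proxy. The dict layout, the `review_decryption_policy` name, the 397-day review threshold and the fail-open reading of `open` are assumptions.

```python
# Added example: review a TLS/SSL Decryption object's settings before creating it.
# Keys are the field labels from the table; the dict layout itself is an assumption.
ALLOWED = {
    "Certificate Revocation Status": {"Enabled", "Disabled"},
    "Failure Mode": {"close", "open"},
    "Minimum TLS Version": {"TLS 1.0", "TLS 1.1", "TLS 1.2"},
    "RSA Keypair Modules": {"1024 bit RSA", "2048 bit RSA", "4096 bit RSA"},
    "EC Key Type": {"P256", "P384", "P521"},
}
# Documented options that weaken the proxy, with the reason to report.
WEAK = {
    ("Minimum TLS Version", "TLS 1.0"): "TLS 1.0 is deprecated (RFC 8996)",
    ("Minimum TLS Version", "TLS 1.1"): "TLS 1.1 is deprecated (RFC 8996)",
    ("RSA Keypair Modules", "1024 bit RSA"): "1024-bit RSA is below the 2048-bit minimum in current guidance",
    ("Certificate Revocation Status", "Disabled"): "revoked server certificates will not be detected",
    # Assumption: "open" has the usual fail-open meaning.
    ("Failure Mode", "open"): "fail-open: confirm uninspected traffic is acceptable on proxy failure",
}
LIFETIME = "Certificate Lifetime (in Days)"

def review_decryption_policy(policy, max_lifetime_days=397):
    """Return a sorted list of (severity, field, message) findings."""
    findings = []
    if len(policy.get("Object Name", "")) > 32:
        findings.append(("error", "Object Name", "name exceeds 32 characters"))
    for field, options in ALLOWED.items():
        value = policy.get(field)  # None means the field was not set; skip it
        if value is not None and value not in options:
            findings.append(("error", field, f"{value!r} is not a documented option"))
        elif (field, value) in WEAK:
            findings.append(("warn", field, WEAK[(field, value)]))
    days = policy.get(LIFETIME)
    if days is not None:
        if not isinstance(days, int) or isinstance(days, bool) or days <= 0:
            findings.append(("error", LIFETIME, "must be a positive whole number"))
        elif days > max_lifetime_days:  # threshold is an assumption, not a product limit
            findings.append(("warn", LIFETIME, f"{days} days exceeds review threshold {max_lifetime_days}"))
    return sorted(findings)

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"Object Name": "branch-decrypt", "Minimum TLS Version": "TLS 1.0",
          "RSA Keypair Modules": "1024 bit RSA", "EC Key Type": "P-256",
          "Certificate Revocation Status": "Enabled", "Failure Mode": "close",
          LIFETIME: 730}

if __name__ == "__main__":
    print(*review_decryption_policy(SAMPLE), sep="\n")
```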