Server Certificate Validation
When the gateway acts as a forward proxy, server certificate validation is automatically included in traffic processing. A designated server certificate validation action is not required in order to process traffic, but it can improve overall security. By default, server certificate validation is not enabled, and traffic going to servers that may have an invalid server certificate is allowed to pass. Enable a server certificate validation action to prioritize rules for traffic that should not be allowed, or for specific traffic that should be trusted regardless of its server certificate validation state.
Note: This validation process applies only to forward proxy environments, and only when decryption is enabled.
We recommend enabling server certificate validation actions primarily in the TLS decryption profile, where they apply as the general rule action. FQDN service objects can be modified to enable validation actions when you need to override the selection made in the TLS decryption profile. You can include and enable server certificate validation in two ways:
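The precedence described above (profile action as the default, FQDN service object as the per-destination override, validation only when decrypting) is illustrated by the following added model. It is example code, not the product's own configuration format or implementation; the class and field names are hypothetical.

```python
"""Model of forward-proxy server certificate validation policy precedence.

Added illustration, not the gateway's own code. Assumptions (hypothetical):
the TLS decryption profile carries a default action for sessions whose server
certificate fails validation, an FQDN service object can override that action
for matching destinations, and the most specific matching FQDN object wins.
"""
from __future__ import annotations
from dataclasses import dataclass

BLOCK, ALLOW = "block", "allow"

@dataclass
class DecryptionProfile:
    decrypt: bool = True
    invalid_cert_action: str = BLOCK   # default action when validation fails

@dataclass
class FqdnServiceObject:
    fqdn: str               # exact host or a "*.example.com" style wildcard
    trust_regardless: bool  # True: allow even if the certificate is invalid

def fqdn_matches(pattern: str, host: str) -> bool:
    """Exact match, or a wildcard that covers exactly one leading label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # "*.example.com" matches "api.example.com" but not "a.b.example.com"
        return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")
    return host == pattern

def cert_action(host: str, cert_valid: bool, profile: DecryptionProfile,
                overrides: list[FqdnServiceObject]) -> str:
    """Decide whether a session proceeds, given its validation result."""
    if not profile.decrypt:
        return ALLOW   # no decryption: the certificate is never inspected
    if cert_valid:
        return ALLOW
    matches = [o for o in overrides if fqdn_matches(o.fqdn, host)]
    if matches:
        # Longest pattern is the most specific; it overrides the profile default.
        best = max(matches, key=lambda o: len(o.fqdn))
        return ALLOW if best.trust_regardless else BLOCK
    return profile.invalid_cert_action
```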