Enforce certificate trust [Updated in Security Center 1.3, removed in 2.0, added in 7.0]
Use system properties to ensure that certificate expiration and trust are checked for certificates received from outbound HTTPS call endpoints when host verification is not performed.
When com.glide.communications.trustmanager_trust_all is set to true, certificate expiration and trust are not checked for the certificate received from an outbound HTTPS call endpoint when host verification is not performed.
Verify that the com.glide.communications.trustmanager_trust_all system property is set to the recommended value of false. This ensures that your instance only trusts certificates that it can verify against the JVM certificate store. Self-signed and enterprise-signed certificates are not trusted. This property only applies when com.glide.communications.httpclient.verify_hostname is set to false.
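The check described above can be scripted. The following is an added example, not ServiceNow's own code: it reads both properties and reports whether trust_all is at the recommended value and whether it currently applies. The function names (`auditOutboundTls`, `toBool`, `fromMap`), the exposure labels and the sample values are assumptions made for this example; `gs.getProperty` is used only when the script runs on an instance.

```javascript
// Added example. getProp is any function(name) returning the raw value or null.
var TRUST_ALL = 'com.glide.communications.trustmanager_trust_all';
var VERIFY_HOST = 'com.glide.communications.httpclient.verify_hostname';

// Normalise a raw property value to true, false, or null (unset or unparseable).
function toBool(raw) {
  if (raw === null || raw === undefined) return null;
  var v = String(raw).trim().toLowerCase();
  return v === 'true' ? true : v === 'false' ? false : null;
}

// Returns { trustAll, verifyHostname, compliant, exposure, notes }.
// exposure is one of 'none', 'latent', 'active', 'unknown' (labels chosen for this example).
function auditOutboundTls(getProp) {
  var trustAll = toBool(getProp(TRUST_ALL));
  var verifyHost = toBool(getProp(VERIFY_HOST));
  var r = { trustAll: trustAll, verifyHostname: verifyHost,
            compliant: trustAll === false, exposure: 'none', notes: [] };
  if (trustAll === null) {
    r.exposure = 'unknown';
    r.notes.push(TRUST_ALL + ' has no explicit true/false value; set it to false.');
  } else if (trustAll === true) {
    if (verifyHost === false) {
      r.exposure = 'active';
      r.notes.push('Certificate expiration and trust are not checked on outbound HTTPS calls.');
    } else if (verifyHost === true) {
      r.exposure = 'latent';
      r.notes.push('trust_all does not apply now, but would if hostname verification were disabled.');
    } else {
      r.exposure = 'unknown';
      r.notes.push(VERIFY_HOST + ' has no explicit value; cannot tell whether trust_all applies.');
    }
  } else if (verifyHost === false) {
    r.notes.push('Certificates are checked against the JVM store; hostnames are not verified.');
  }
  return r;
}

// Constructed sample values (not from a real instance) for running outside ServiceNow.
var SAMPLE = {};
SAMPLE[TRUST_ALL] = 'true';
SAMPLE[VERIFY_HOST] = 'false';
function fromMap(map) { return function (name) { return map.hasOwnProperty(name) ? map[name] : null; }; }

// On an instance, read the live values; elsewhere fall back to the constructed sample.
var onInstance = (typeof gs !== 'undefined');
var report = auditOutboundTls(onInstance ? function (n) { return gs.getProperty(n); } : fromMap(SAMPLE));
var out = JSON.stringify(report);
if (onInstance) { gs.info(out); } else { console.log(out); }
```

An unset property is reported as unknown rather than guessed, because the example makes no assumption about platform defaults.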
More information
| Attribute | Description |
|---|---|
| Property name | com.glide.communications.trustmanager_trust_all |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Communications |
| Purpose | To enforce certificate validation for outgoing requests. |
| Recommended value | false |
| Security risk rating | 5.7 |
| Functional impact | This remediation enforces strict validation of the certificate's CA (certificate authority) field. If a trusted entity (CA) issued the certificate, the instance accepts it for further use. |
| Security risk | (Medium) For confidentiality and integrity reasons, the application should validate the certificate's CA before using the certificate for any transactional operations. |
| References |