The GINA and Credential Provider have been enhanced. You can now configure them so that clients accept only valid SSL certificates. When configured this way, the Yes button (accept certificate) on the Security Warning dialog is unavailable when an expired or invalid SSL certificate is imported.
This prevents clients from accepting expired certificates, or non-genuine certificates from hosts attempting to impersonate a trusted CA Identity Manager server, greatly reducing the risk of man-in-the-middle attacks and the possibility of executing malicious code. This option also prevents the user from accessing the local filesystem through the Security Warning dialogs.
An option has been added to allow administrators to enable this setting during silent install.
To enable this option, set REJECTINVALIDCERTS=Yes in the silent install options.
Note: This feature is not enabled by default.
Copyright © 2011 CA. All rights reserved.