Certificate Revocation List (CRL) updates occur as part of the daily update process on WG. We don't host these WG updates.
To obtain the CRL files, WG contacts many servers. If any of these servers is down, or has issues hosting the CRL file, your Dashboard displays alert-level warning messages.
To reduce administrative overhead associated with managing these alerts and CRLs, Technical Support recommends that you implement the McAfee-maintained known Certificate Authority list in your WG configuration. We maintain and regularly update this list.
To use a McAfee-maintained known Certificate Authority list:
- In the WG user interface (UI), click Policy.
- Click the Lists tab.
- Click the green Add icon.
- Type a name for the list in the Name field.
- Select List Content is managed remotely.
- Under Source, select McAfee Maintained List.
- Click Choose.
- Under Miscellaneous, select the Default Known Certificate Authorities list.
- Save your changes.
Enable the list in your WG policy:
- In the WG UI, click Policy, Settings, Engines, Certificate Chain.
- Edit the Certificate Chain engine that you're using in your SSL Scanner's Certificate Verification rules.
NOTE: The Certificate Chain engine used in the default SSL Scanner rules is listed as Default.
- In the List of certificate authorities drop-down field, select the McAfee-maintained list that you created above.
- Save your changes.