Security


 

Validation sources

 

Specifies which sources !MC5 uses to validate certificates. To validate a certificate successfully, its issuer certificate has to be present in one of the validation sources.

 

Use !MC5 default certificates - !MC5 has a default certificate store containing issuer certificates, which is maintained by Bartsch Software. It contains frequently used issuer certificates that are not present in the Windows certificate store, e.g. root and CA certificates of the Odette organisation. If the module OFTP2 is licensed, this option is activated by default. The !MC5 default certificates can be viewed in the Certificates section.

 

Use TSLs - Trusted Service Status Lists (TSLs) are lists of trusted issuer certificates published by different organisations. Activating this option includes the TSLs listed in the section TSLs in certificate validation. If the module OFTP2 is licensed, this option is enabled by default. The Odette OFTP2 TSL is always present in that section, so it is then used as recommended by Odette.

 

Download Odette TSL via unsecure HTTP connection (not recommended!) - By default, the Odette TSL is downloaded over an encrypted HTTPS connection. When this option is enabled, the TSL is downloaded over an unencrypted HTTP connection instead. This might be useful if the secure download isn't possible due to local network settings. Although the downloaded TSL's signature is always validated before the TSL is used, downloading it over an encrypted HTTPS connection is recommended for security reasons.

 

Use Windows certificate store - Activate this option to use certificates from Windows' certificate store for validation. Be advised that certificates present in the Windows store might depend on the user account used to start !MC5, as each user account has its own certificate store.

 

In addition to the validation sources activated or deactivated above, user-defined certificates (see Certificates) are always used for validation.

 

Validation options

 

Mandatory revocation check - When validating certificates, !MC5 can automatically check for certificate revocation using CRLs (Certificate Revocation Lists) or OCSP (Online Certificate Status Protocol). If this option is activated, a successful revocation check, either CRL or OCSP, is mandatory (if one or both methods are available for the specific certificate). If the revocation check fails, validation fails. Depending on the local network configuration, the revocation check can fail because firewalls block access to the respective resources. In such a case, deactivate this option or change the firewall/network configuration.
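
The decision rule described under Mandatory revocation check, written out as an added Python model (an illustration added here, not !MC5 code or configuration). The names `Result` and `revocation_decision` are hypothetical, and two points are assumptions because this page does not state them: an explicit "revoked" answer always rejects, and with the option deactivated an unreachable source is tolerated.

```python
from enum import Enum


class Result(Enum):
    GOOD = "good"                # source answered: not revoked
    REVOKED = "revoked"          # source answered: revoked
    UNREACHABLE = "unreachable"  # no usable answer, e.g. blocked by a firewall


def revocation_decision(mandatory, crl=None, ocsp=None):
    """Return (accepted, reason) for one certificate.

    crl / ocsp are a Result, or None when the certificate offers no such method.
    """
    results = {k: v for k, v in (("CRL", crl), ("OCSP", ocsp)) if v is not None}
    if not results:
        # The option only applies if a method is available for the certificate.
        return True, "no revocation method available"
    revoked = sorted(k for k, v in results.items() if v is Result.REVOKED)
    if revoked:
        # Assumption: an explicit 'revoked' answer rejects, whatever the option.
        return False, "revoked per " + "/".join(revoked)
    good = sorted(k for k, v in results.items() if v is Result.GOOD)
    if good:
        # Either CRL or OCSP succeeding is enough.
        return True, "not revoked per " + "/".join(good)
    if mandatory:
        return False, "revocation check failed (hard-fail)"
    # Assumption: with the option off, an unreachable source is tolerated.
    return True, "revocation status unknown (soft-fail)"


# Constructed cases: (mandatory, CRL result, OCSP result)
CASES = [
    (True, Result.GOOD, Result.UNREACHABLE),
    (True, Result.UNREACHABLE, Result.UNREACHABLE),
    (False, Result.UNREACHABLE, Result.UNREACHABLE),
    (True, None, None),
    (False, Result.UNREACHABLE, Result.REVOKED),
]

if __name__ == "__main__":
    for mandatory, crl, ocsp in CASES:
        print(mandatory, crl, ocsp, "->", revocation_decision(mandatory, crl, ocsp))
```

Under these assumptions, the third case accepts a certificate whose revocation status could not be determined, which is the trade-off to weigh before deactivating the option instead of opening the firewall for the CRL and OCSP endpoints.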