Use system properties to ensure that certificate expiration and trust are checked for certificates received from outbound HTTPS call endpoints when host verification is not performed.

When com.glide.communications.trustmanager_trust_all is set to true, then certificate expiration and trust are not checked for the certificate received from an outbound HTTPS call endpoint when host verification is not performed.

Verify that the com.glide.communications.trustmanager_trust_all system property is set to the recommended value of false. This ensures that your instance only trusts certificates that it can verify against the JVM certificate store. Self-signed and enterprise-signed certificates are not trusted. This property only applies when com.glide.communications.httpclient.verify_hostname is set to false.

Note: The values for these properties are Safe override and cannot be altered once changed (they are non-revertible). For security purposes, do not change this property value. If you have further questions, contact Customer Service and Support.

More information

AttributeDescription
Property name com.glide.communications.trustmanager_trust_all
Configuration type System Properties (/sys_properties_list.do)
Category Communications
Purpose To enforce certificate validation for outgoing requests.
Recommended value false
Security risk rating 5.7
Functional impact This remediation enforces strict validation on certificate CA (certificate authority) field. If a trusted entity (CA) issued the certificate, the instance accepts it for further use.
Security risk (Medium) For confidentiality and integrity reasons, application should validate the certificate's CA before using the certificate for any transactional operations.
References

Certificates

Verify certificate chain and hostname [New in Security Center 1.3]