You can configure the App Volumes agent to check whether the SSL certificate that a server uses to communicate with the agent has been revoked.

App Volumes agents use SSL to communicate with App Volumes Manager and validate the certificate. By default, the App Volumes agent does not check whether the SSL certificate that the server uses to communicate with the agent has been revoked. Without this check, the agent continues to accept a certificate after it has been revoked, which weakens security and can allow persistent man-in-the-middle (MITM) attacks against the App Volumes agent.

Prerequisites

  • You must have administrator privileges to the machine where the App Volumes agent is installed.
  • SSL and SSL certificate validation must be enabled on the agent. If you have enabled HTTP on the manager, and deactivated SSL on the agent, you cannot check for certificate revocation on the server.

Procedure

  1. Log in as administrator to the machine where the App Volumes agent is installed.
  2. Run regedit to open the Windows registry settings, and select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svservice\Parameters.
  3. Select the EnforceSSLCertificateRevocation DWORD value and set it to 1.
    Note: The EnforceSSLCertificateRevocation value can be set only if the EnforceSSLCertificateValidation value is already enabled.
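
The same procedure scripted in PowerShell, with the prerequisite from the note checked before anything is written. This is an added example, not VMware code: the function names are hypothetical, and it assumes that a DWORD of 1 is what "enabled" means for EnforceSSLCertificateValidation.

```powershell
#Requires -RunAsAdministrator
# Added example. Registry path and value names come from the procedure above.
# Assumption: EnforceSSLCertificateValidation = 1 means validation is enabled.

$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\svservice\Parameters'

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # Returns the registry value, or $null when it does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Enable-AgentRevocationCheck {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $ParamsKey)

    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path. Is the App Volumes agent installed?"
    }

    # Prerequisite: certificate validation must already be enabled on the agent.
    $validation = Get-DwordOrNull -Path $Path -Name 'EnforceSSLCertificateValidation'
    if ($validation -ne 1) {
        throw "EnforceSSLCertificateValidation is '$validation', expected 1. Enable validation first."
    }

    $before = Get-DwordOrNull -Path $Path -Name 'EnforceSSLCertificateRevocation'
    if ($before -ne 1 -and $PSCmdlet.ShouldProcess($Path, 'Set EnforceSSLCertificateRevocation = 1')) {
        # -Force creates the value or overwrites an existing one.
        New-ItemProperty -Path $Path -Name 'EnforceSSLCertificateRevocation' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Read the value back so the result reflects what is actually in the registry.
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Validation = $validation
        Before     = $before
        After      = Get-DwordOrNull -Path $Path -Name 'EnforceSSLCertificateRevocation'
    }
}

Enable-AgentRevocationCheck
```

Running `Enable-AgentRevocationCheck -WhatIf` reports the current values without writing to the registry.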

Results

If the SSL certificate is revoked on the server and SSL certificate revocation checking is enabled on the agent, the SSL connection between agent and manager is immediately terminated.