Certificate Revocation List (CRL) updates occur as part of the daily update process on Web Gateway. McAfee does not host these Web Gateway updates.
To obtain the CRL files, Web Gateway contacts many servers. If any of these servers is down, or has issues hosting the CRL file, your Dashboard displays alert-level warning messages.
To reduce administrative overhead associated with managing these alerts and CRLs, Technical Support recommends that you implement the McAfee-maintained known Certificate Authority list in your Web Gateway configuration. McAfee maintains and regularly updates this list.
To use a McAfee-maintained known Certificate Authority list:
- In the Web Gateway user interface (UI), click Policy.
- Click the Lists tab.
- Click the green Add icon.
- Type a name for the list in the Name field.
- Select List Content is managed remotely.
- Under Source, select McAfee Maintained List.
- Click Choose.
- Under Miscellaneous, select the Default Known Certificate Authorities list.
- Save your changes.
Enable the list in your Web Gateway policy:
- In the Web Gateway UI, click Policy, Settings, Engines, Certificate Chain.
- Edit the Certificate Chain engine that you are using in your SSL Scanner's Certificate Verification rules.
NOTE: The Certificate Chain engine used in default SSL Scanner rules is listed as Default.
- In the List of certificate authorities drop-down box, select the McAfee Maintained List you created above.
- Save your changes.
