Menu path: Setup > Sessions > Browser > Browser Global > Encryption

In this area, you can define the settings for encryption methods and certificate validation.

  • Minimum required encryption protocol: This protocol will be used to establish a secure connection if no higher protocol is available. Higher protocols are preferred.
    Possible options:
    • SSL3
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
  • Maximum supported encryption protocol: This protocol is requested when negotiating the connection. If this protocol is not available, the next lowest protocol will be requested.
    Possible options:
    • SSL3
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
  • When a website requests a certificate: Specifies how the browser behaves if a website requests a security certificate.
    Possible values:
    • Select one automatically: The browser selects a certificate automatically. (default)
    • Ask me every time: A dialog window requesting the certificate will be displayed.
  • View certificates: If you click on this button, the certificates saved in the browser's Certificate Manager will be displayed.
  • Certificate validation: Specifies the validation of certificates using OCSP (Online Certificate Status Protocol).
    • Do not use OCSP for certificate validation: The certificate will not be validated using OCSP.
    • Validate a certificate if it specifies an OCSP server: The certificate will be validated with the OCSP server specified in the certificate. If no OCSP server is specified, no certificate validation will take place. (default)
    • Validate all certificates with the following OCSP server: All certificates will be validated with the OCSP server specified under the Service URL, irrespective of which OCSP server is specified in the certificate.
  • Response signer: Signer of the response from the OCSP server
  • Service URL: URL of the OCSP server
  • When an OCSP server connection fails, treat the certificate as invalid:

    ☑ If, owing to a failed connection to the OCSP server, no validation can take place, the certificate will be treated as invalid. In this case, the browser will show the “This connection is not trusted” error message.

    ☐ The certificate will not be deemed invalid if no check can take place because there is no connection to the OSCP server. (default)

  • Gemalto/SafeNet eToken security device

    Gemalto/SafeNet eToken will be used for encryption.

    Gemalto/SafeNet eToken will not be used for encryption. (default)

  • cryptovision sc/interface security device

    cryptovision sc/interface will be used for encryption.

    cryptovision sc/interface will not be used for encryption. (default)

  • Gemalto IDPrime security device

    Gemalto IDPrime will be used for encryption.

  • Athena IDProtect security device

    Athena IDProtect will be used for encryption.

    Athena IDProtect will not be used for encryption. (default)

  • A.E.T. SafeSign security device

    A.E.T. SafeSign will be used for encryption.

    A.E.T. SafeSign will not be used for encryption. (default)

  • SecMaker Net iD security device

    SecMaker Net iD will be used for encryption.

    SecMaker Net iD will not be used for encryption. (default)

  • Coolkey Security Devices

    ☑ Coolkey will be used for encryption.

    ☐ Coolkey will be not used for encryption. (Standard)

  • OpenSC Security Device

    ☑ OpenSC will be used for encryption.

    ☐ OpenSC will not be used for encryption. (Standard)