Systems and methods for policy driven fine grain validation of servers' SSL certificate for clientless SSLVPN access
First Claim
1. A method comprising:
(a) receiving, by an intermediary device that is intermediary to a plurality of clients and a plurality of servers, a request to access a server of the plurality of servers via a clientless secure socket layer (SSL) virtual private network (VPN) connection;
(b) accessing, by the intermediary device and responsive to the request, a plurality of preconfigured policies for use by the intermediary device to restrict SSL server certificate validation to a set of servers, from the plurality of servers, specified in the plurality of preconfigured policies, each preconfigured policy of the plurality of preconfigured policies specifying at least one respective server of the plurality of servers for which to apply SSL server certificate validation;
(c) identifying, by the intermediary device, for the server of the request, a preconfigured policy from the plurality of preconfigured policies, the intermediate device configured to apply SSL certificate validation for the server if the preconfigured policy indicates that the server is to be validated using one or more certificate authority (CA) certificates that are a subset of a plurality of CA certificates available to the intermediary device, and to forego the SSL certificate validation for the server if otherwise;
(d) performing, at the intermediary device responsive to the preconfigured policy indicating that the server is to be validated, validation of a SSL server certificate of the server using the one or more CA certificates specified by the preconfigured policy; and
(e) establishing, by the intermediary device responsive to the SSL server certificate validation, the clientless SSL VPN connection with the server.
Abstract
The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.
Claims
10. A system comprising:
an intermediary device comprising one or more hardware processors that is intermediary to a plurality of clients and a plurality of servers, wherein the intermediary device is configured to:
receive a request to access a server of the plurality of servers via a clientless secure socket layer (SSL) virtual private network (VPN) connection;
access, responsive to the request, a plurality of preconfigured policies for use by the device to restrict SSL server certificate validation to a set of servers, from the plurality of servers, specified in the plurality of preconfigured policies, each preconfigured policy of the plurality of preconfigured policies specifying at least one respective server of the plurality of servers for which to apply SSL server certificate validation;
identify, for the server of the request, a preconfigured policy from the plurality of preconfigured policies, the intermediate device configured to apply SSL certificate validation for the server if the preconfigured policy indicates that the server is to be validated using one or more certificate authority (CA) certificates that are a subset of a plurality of CA certificates available to the intermediary device, and to forego the SSL certificate validation for the server if otherwise;
perform, responsive to the preconfigured policy indicating that the server is to be validated, validation of a SSL server certificate of the server using the one or more CA certificates specified by the preconfigured policy; and
establish, responsive to the SSL server certificate validation, the clientless SSL VPN connection with the server.
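The policy lookup and validation steps (b) through (d) of the claims, as an added Go example that is not from the patent or from any product implementing it. The names Policy, caStore, makeCert and validate are chosen here, and the CA and server certificates are constructed in-process test data; a policy's CA list is resolved only against the device's own store, so a CA name the store lacks trusts nothing and validation fails closed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Policy: the servers it covers and the subset of the device's CA store trusted for them;
// an empty CAs list means the server is named but its certificate is not validated.
type Policy struct{ Servers, CAs []string }

// caStore is the intermediary's full set of CA certificates, keyed by the names policies use.
type caStore map[string]*x509.Certificate

// makeCert issues a constructed Ed25519 test certificate for cn, signed by parent (self-signed if nil).
func makeCert(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore:   time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	signer, skey := tmpl, key
	if parent != nil {
		signer, skey = parent, pkey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, skey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validate follows claim steps (b)-(d): the first policy naming host decides. No match or an
// empty CA list forgoes validation (false, nil); otherwise the chain is verified against only
// the CAs the policy names, so a CA name absent from the device store trusts nothing.
func validate(store caStore, pols []Policy, host string, cert *x509.Certificate) (bool, error) {
	for _, p := range pols {
		for _, s := range p.Servers {
			if s != host {
				continue
			}
			if len(p.CAs) == 0 {
				return false, nil
			}
			roots := x509.NewCertPool()
			for _, name := range p.CAs {
				if ca := store[name]; ca != nil {
					roots.AddCert(ca)
				}
			}
			_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
			return err == nil, err
		}
	}
	return false, nil // no policy covers this server: validation is foregone
}
```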
Specification