Accessing the CRLDP with a Proxy

Symantec recommends that you allow direct access from the Enforce Server computer to all CRLDP servers that are required to perform certificate revocation checks. If the CRLDP servers are accessible only through a proxy, then you must configure the proxy settings on the Enforce Server computer.
When you configure a proxy, the Enforce Server uses your proxy configuration for all HTTP connections, such as those connections that are created to connect to a CRLDP server to fetch certificate revocation lists. Check with your proxy administrator before you configure these proxy settings, and consider allowing direct access to CRLDP servers if at all possible.
To configure proxy settings for a CRLDP server
  1. Ensure that the CRLDP is defined in the CRL distribution point field of each client certificate.
  2. Log on to the Enforce Server computer using the account that you created during Symantec Data Loss Prevention installation.
    Do not change permissions or ownership on any configuration file from another root or Administrator account.
  3. Change directory to the /opt/Symantec/DataLossPrevention/EnforceServer/16.0.10000/Protect/config (Linux) or c:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.0.10000\Protect\config (Windows) directory. If you installed Symantec Data Loss Prevention into a different directory, substitute the correct path.
  4. Open the SymantecDLPManager.conf file with a text editor.
  5. Add or edit the following configuration properties to identify the proxy:
    wrapper.java.additional.22=-Dhttp.proxyHost=myproxy.mydomain.com
    wrapper.java.additional.23=-Dhttp.proxyPort=8080
    wrapper.java.additional.24=-Dhttp.nonProxyHosts=hosts
    Replace myproxy.mydomain.com and 8080 with the host name and port of your proxy server. In place of hosts, you can include server host names, fully qualified domain names, or IP addresses separated with a pipe character. For example:
    wrapper.java.additional.24=-Dhttp.nonProxyHosts=crldp-server|127.0.0.1|DataInsight_Server_Host
  6. Save your changes to the configuration file.
  7. Stop and then restart the Symantec DLP Manager service to apply your changes.
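A check to run on the edited file before restarting the service, as an added example that is not part of the Symantec documentation: it parses the wrapper.java.additional lines and flags a reused index, a missing proxy host, an invalid port, and whitespace inside http.nonProxyHosts. The function name and the sample file content are constructed for illustration, and a reused index is treated as an error on the assumption that each index must be unique.

```python
import re

# Constructed sample of SymantecDLPManager.conf content (not from a real install).
SAMPLE_CONF = """\
# proxy used for CRLDP fetches
wrapper.java.additional.22=-Dhttp.proxyHost=myproxy.mydomain.com
wrapper.java.additional.23=-Dhttp.proxyPort=8080
wrapper.java.additional.24=-Dhttp.nonProxyHosts=crldp-server| 127.0.0.1|DataInsight_Server_Host
wrapper.java.additional.24=-Dexample.other.option=true
"""

PROP = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=(.*)$")


def check_proxy_settings(conf_text):
    """Return a list of problems in the proxy-related wrapper properties."""
    problems, first_line, jvm = [], {}, {}
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = PROP.match(line)
        if not m:
            continue  # comments, blank lines, unrelated properties
        index, arg = m.group(1), m.group(2).strip()
        if index in first_line:
            problems.append(f"line {lineno}: index {index} already used on line {first_line[index]}")
        first_line.setdefault(index, lineno)
        if arg.startswith("-D") and "=" in arg:
            name, value = arg[2:].split("=", 1)
            jvm[name] = value  # JVM system property name -> raw value

    if not jvm.get("http.proxyHost"):
        problems.append("http.proxyHost is missing or empty")
    port = jvm.get("http.proxyPort", "")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append(f"http.proxyPort is not a valid port: {port!r}")
    for host in jvm.get("http.nonProxyHosts", "").split("|"):
        if any(ch.isspace() for ch in host):
            problems.append(f"http.nonProxyHosts entry has whitespace: {host!r}")
        elif not host and "http.nonProxyHosts" in jvm:
            problems.append("http.nonProxyHosts has an empty entry")
    return problems


if __name__ == "__main__":
    for problem in check_proxy_settings(SAMPLE_CONF):
        print(problem)
```

To check a real installation, pass the text of SymantecDLPManager.conf to check_proxy_settings in place of the sample.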