Accessing the CRLDP with a Proxy
Symantec recommends that you allow direct access from the Enforce Server computer to all CRLDP servers that are required to perform certificate revocation checks. If the CRLDP servers are accessible only through a proxy, then you must configure the proxy settings on the Enforce Server computer.
When you configure a proxy, the Enforce Server uses your proxy configuration for all HTTP connections, such as those connections that are created to connect to a CRLDP server to fetch certificate revocation lists. Check with your proxy administrator before you configure these proxy settings, and consider allowing direct access to CRLDP servers if at all possible.
- To configure proxy settings for a CRLDP server
- Ensure that the CRLDP is defined in the CRL distribution point field of each client certificate.
- Log on to the Enforce Server computer using the account that you created during Symantec Data Loss Prevention installation. Do not change permissions or ownership on any configuration file from another root or Administrator account.
- Change directory to the /opt/Symantec/DataLossPrevention/EnforceServer/16.0.20000/Protect/config (Linux) or c:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.0.20000\Protect\config (Windows) directory. If you installed Symantec Data Loss Prevention into a different directory, substitute the correct path.
- Open the SymantecDLPManager.conf file with a text editor.
- Add or edit the following configuration properties to identify the proxy:

      wrapper.java.additional.22=-Dhttp.proxyHost=myproxy.mydomain.com
      wrapper.java.additional.23=-Dhttp.proxyPort=8080
      wrapper.java.additional.24=-Dhttp.nonProxyHosts=hosts

  Replace myproxy.mydomain.com and 8080 with the host name and port of your proxy server. You can include server host names, fully qualified domain names, or IP addresses separated with a pipe character. For example:

      wrapper.java.additional.24=-Dhttp.nonProxyHosts=crldp-server|127.0.0.1|DataInsight_Server_Host
- Save your changes to the configuration file.
- Stop and then restart the Symantec DLP Manager service to apply your changes.
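
The following Python check is an added example, not Symantec code: it reads the text of SymantecDLPManager.conf before the restart and reports proxy properties that would leave CRL fetches failing. It assumes each wrapper.java.additional.N index carries one JVM argument (so a reused index is treated as an error) and that whitespace inside a host entry is a mistake; the function name and the sample file content are constructed for illustration.

```python
import re

# Constructed sample of SymantecDLPManager.conf content (not from a real server).
# Index 21 and the second index 22 are invented to show an index collision.
SAMPLE_CONF = """\
wrapper.java.additional.21=-Dfile.encoding=UTF-8
wrapper.java.additional.22=-Dhttp.proxyHost=myproxy.mydomain.com
wrapper.java.additional.23=-Dhttp.proxyPort=8080
wrapper.java.additional.24=-Dhttp.nonProxyHosts=crldp-server| 127.0.0.1|DataInsight_Server_Host
wrapper.java.additional.22=-Xmx2048M
"""

PROP = re.compile(r"wrapper\.java\.additional\.(\d+)\s*=\s*(.*)")
PROXY_ARG = re.compile(r"-Dhttp\.(proxyHost|proxyPort|nonProxyHosts)=(.*)")

def check_proxy_settings(conf_text):
    """Return (settings, problems) for the http.* proxy properties in conf_text."""
    settings, problems, seen = {}, [], {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        prop = PROP.fullmatch(raw.strip())
        if not prop:  # comment, blank line or unrelated property
            continue
        index, arg = int(prop.group(1)), prop.group(2)
        # Assumption: one JVM argument per index, so a reused index is an error.
        if index in seen:
            problems.append(f"line {lineno}: index {index} already used on line {seen[index]}")
        seen.setdefault(index, lineno)
        proxy = PROXY_ARG.fullmatch(arg)
        if proxy:
            settings[proxy.group(1)] = proxy.group(2)
    host = settings.get("proxyHost", "")
    if not host or re.search(r"\s", host):
        problems.append("http.proxyHost is missing or contains whitespace")
    port = settings.get("proxyPort", "")
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        problems.append(f"http.proxyPort {port!r} is not a valid port")
    if "nonProxyHosts" in settings:
        for entry in settings["nonProxyHosts"].split("|"):
            if not entry or entry != entry.strip():
                problems.append(f"http.nonProxyHosts entry {entry!r} is empty or has stray whitespace")
    return settings, problems

if __name__ == "__main__":
    found, issues = check_proxy_settings(SAMPLE_CONF)
    print(found)
    print("\n".join(issues) or "no problems found")
```

To check a real installation, pass the contents of the SymantecDLPManager.conf file from the config directory named in the procedure to `check_proxy_settings`.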