Pass Through Host Certificate Validation
Choose whether to enable or disable the default certificate validation process during the
SSL/TLS handshake. By default, certificate validation is enabled. This option applies only to
the Microsoft Schannel provider.
Note: By default, Schannel (MSCAPI) is responsible for validating the host
certificate chain received during the SSL/TLS handshake. Schannel runs several checks on the
received certificate chain, one of which verifies that the signature affixed to the
certificate is valid. The hash value computed on the certificate contents must match the
value that results from decrypting the signature field using the public component of the
issuer. To perform this operation, the user must own the public component of the issuer,
either through some integrity-assured channel or by extracting it from another (validated)
certificate. The default certificate validation process is exhaustive and runs several
checks on the host certificate chain to successfully validate it. When this option is
enabled, the user effectively suppresses the default validation done by Schannel, and the
identity of the host is not verified. Because the host certificate validation is skipped, the
status bar is updated with the following message: “Skip the certificate validation since
pass-through host certificate validation option is enabled.” Using this option is not
recommended.
When the Host certificate is not added to the trusted root and “Pass-Through Host Certificate Validation” is enabled, a pop-up is displayed. Users can suppress this pop-up by adding the “SuppressPassThroughPopup=Y” keyword under the “[Security]” section in the pcswin.ini file. By default, SuppressPassThroughPopup is disabled.
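The following added example (not part of the product or its documentation) shows one way to check pcswin.ini contents for the pop-up suppression keyword described above, so that workstations where the warning has been silenced can be found and reviewed. The sample file contents are constructed, and the parsing rules (case-insensitive names, `;` comments, first occurrence wins) are assumptions modelled on how Windows profile files are commonly read.

```python
import re

# Constructed sample pcswin.ini contents. Only the [Security] section name and
# the SuppressPassThroughPopup keyword come from the page; the rest is made up.
SAMPLE_SUPPRESSED = """\
; constructed sample
[Window]
Placeholder=1

[security]
SuppressPassThroughPopup = y
"""

SAMPLE_DEFAULT = """\
[Security]
; keyword absent here, so the pop-up keeps its documented default (shown)
[Other]
SuppressPassThroughPopup=Y
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def popup_suppressed(ini_text):
    """Return True if the [Security] section sets SuppressPassThroughPopup=Y.

    Assumptions: section and key names match case-insensitively, lines that
    start with ';' are comments, and the first occurrence of the key wins.
    """
    section = None
    for raw in ini_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group("name").strip().lower()
            continue
        # Ignore keys outside [Security] and lines that are not key=value.
        if section != "security" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "suppresspassthroughpopup":
            return value.strip().upper() == "Y"
    return False  # keyword absent: suppression is disabled by default


def audit(files):
    """Map each path to True when the warning pop-up is suppressed there."""
    return {path: popup_suppressed(text) for path, text in files.items()}
```

Pass `audit` a dictionary of file path to file text collected from the machines under review; any `True` entry is a configuration where the pop-up no longer appears.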