Introduction

Prior to Windows client version 2.9.13, access to the Silo service was restricted by certificate pinning: the client validated the server certificate against pre-installed certificates shipped with the client. As a side effect, SSL inspection/decryption was not possible, and customers needed to whitelist our infrastructure IPs to allow the certificate validation process to complete.


Starting with Windows client 2.9.13, the default behavior of the Silo client is to connect without certificate pinning. This allows customers to decrypt traffic between the client and the Authentic8 servers.



Enabling Server Validation

With Windows client 2.9.13 and later, it is possible to enable server validation. This requires changing the registry on the local client computer. Here are the details:


Name: VerifyPeerCertificate
Type: REG_DWORD
Values:
  • 0: disable
  • Non-Zero: verify server
Default (when not set): 0


You may also copy and paste the registry info below into a registry (.reg) file to enable this feature:


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Authentic8, Inc.\Authentic8]
"VerifyPeerCertificate"=dword:00000001
@=""


If Silo was installed programmatically via desktop management software (i.e. the install was made in machine scope to Program Files (x86) and not at the user scope level), then this registry value will need to be written to the following path:

  

   


[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Authentic8, Inc.\Authentic8]
"VerifyPeerCertificate"=dword:00000001
@=""
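
To confirm which scope actually carries the setting on a given machine, the following PowerShell check reads both registry paths above and reports the value and its type. It is an added example, not Authentic8's code: the function name Get-SiloServerValidation is hypothetical, while the paths, value name and value meanings are taken from this page.

```powershell
# Added example: audit the VerifyPeerCertificate setting in both install scopes.
# Paths and value name come from this page; the function name is hypothetical.
$SiloKeys = [ordered]@{
    'User scope (HKCU)'    = 'HKCU:\Software\Authentic8, Inc.\Authentic8'
    'Machine scope (HKLM)' = 'HKLM:\SOFTWARE\WOW6432Node\Authentic8, Inc.\Authentic8'
}
$ValueName = 'VerifyPeerCertificate'

function Get-SiloServerValidation {
    foreach ($scope in $SiloKeys.Keys) {
        $path  = $SiloKeys[$scope]
        $raw   = $null
        $kind  = $null
        $state = 'Key not present'

        # -LiteralPath avoids wildcard parsing of the vendor key name.
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            $raw = $key.GetValue($ValueName, $null)

            if ($null -eq $raw) {
                # Per the page: default when not set is 0 (disabled).
                $state = 'Not set (default 0: validation disabled)'
            }
            else {
                $kind = $key.GetValueKind($ValueName)
                if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                    # The page documents REG_DWORD only; flag anything else for review.
                    $state = 'Unexpected type (page documents REG_DWORD)'
                }
                elseif ($raw -ne 0) {
                    $state = 'Server validation enabled'
                }
                else {
                    $state = 'Server validation disabled'
                }
            }
        }

        [pscustomobject]@{
            Scope = $scope; Path = $path; Value = $raw; Type = $kind; State = $state
        }
    }
}

Get-SiloServerValidation | Format-Table -AutoSize -Wrap
```

The page does not say which scope takes effect when the value is present in both, so the check reports each path separately.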


Additional Notes  

Please contact Support if you have any additional questions and/or require further information.