Background

Prior to Windows client version 2.9.13, access to the Silo service was restricted by certificate pinning. This meant that the client would validate the server certificate using pre-installed clients shipped with the client. The side-effect of this is that SSL inspection/decryption was not possible and customers needed to white list our infrastructure IPs in order to allow for the certification validation process to complete.


Starting with Windows client 2.9.13, the default behavior of the Silo client is to connect without certificate pinning. This allows customers to decrypt traffic between the client and the Authentic8 servers, as desired.


Enabling Server Validation

It is possible with Windows client 2.9.13 and beyond to enable server validation, if desired. This requires making changes to the registry on the local client computer.  Here are the details on that:


NameTypeValuesDefault
(when not set)
VerifyPeerCertificateREG_DWORD
  • 0: disable
  • Non-Zero: verify server
0


You may also copy and paste the registry info here into a registry file to enable this feature:


Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Software\Authentic8, Inc.\Authentic8]

"VerifyPeerCertificate"=dword:00000001

@=""


Additional Notes

Please contact Support if you have any additional questions or if you require more information.