How to Disable Trust Chain Check for Credant Manager

Summary: When using a self-signed certificate for a Credant Manager policy, it is necessary to disable the trust chain check for the certificate used.

This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Affected Products:

  • Credant Manager

Cause

Not Applicable

Resolution

Warning: The next step is a Windows Registry edit:

Without the trust chain check disabled, the Credant Manager client cannot pick up the policy. If the server is using a certificate that has not been verified by a chain of trust, you must:

  • Turn off CREDANT Manager SSL trust validation.
  • Check Disable Trust Chain Check.
  • The client computer must have the following registry entry to disable trust validation:
HKLM\System\CurrentControlSet\Services\CredMgmtAgent\Parameters\DisableSSLCertTrust (DWORD (32-bit) Value)=1
Note: Disabling trust validation lessens security, but allows you to use a self-signed certificate for pilots and POCs. For a production environment, we do not recommend the use of self-signed certificates.

While the trust chain check is enabled, the user receives:

  • The agent cannot establish a trust relationship for the SSL and TLS secure channel with authority FQDN:8888.
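
The registry entry above can be read, set and removed from an elevated PowerShell session. The following is an added example, not Dell's own tooling: the function names are hypothetical, and treating a missing value as "trust check enforced" is an assumption the article does not state.

```powershell
# Added example, not Dell code. Key path and value name are taken from the article.
$KeyPath   = 'HKLM:\System\CurrentControlSet\Services\CredMgmtAgent\Parameters'
$ValueName = 'DisableSSLCertTrust'

function Get-CredantTrustCheckState {
    # Returns 'KeyMissing', 'NotSet', 'Disabled' (value is 1) or 'Other:<value>'.
    if (-not (Test-Path -Path $KeyPath)) { return 'KeyMissing' }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }   # assumption: no value means the check is enforced
    if ($item.$ValueName -eq 1) { return 'Disabled' }
    return "Other:$($item.$ValueName)"
}

function Set-CredantTrustCheck {
    # 'Disable' writes the DWORD from the article; 'Restore' removes it again.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disable', 'Restore')]
        [string]$Action
    )
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Key not found: $KeyPath (is the Credant Manager agent installed?)"
    }
    if ($Action -eq 'Disable') {
        if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName = 1 (DWORD)")) {
            New-ItemProperty -Path $KeyPath -Name $ValueName `
                -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
    else {
        if ($PSCmdlet.ShouldProcess($KeyPath, "Remove $ValueName")) {
            Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        }
    }
}

# Report the current state on this endpoint.
Get-CredantTrustCheckState

# Pilot / POC endpoints only (add -WhatIf to preview the change):
# Set-CredantTrustCheck -Action Disable

# Before moving an endpoint to production with a CA-issued certificate:
# Set-CredantTrustCheck -Action Restore
```

Running Get-CredantTrustCheckState across production endpoints and flagging any that return 'Disabled' is a quick way to find machines where a pilot setting was left in place.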


Affected Products

Dell Encryption
Article Properties
Article Number: 000129592
Article Type: Solution
Last Modified: 14 Nov 2023
Version:  8