Define server authentication as described in Managing Keys, Managing CA Certificates, and Managing LDAP Settings.
On the Keys page you can manage the known server host keys.
Click Add... to add keys from a directory, or Delete to remove them.
On the Certificates page you can manage trusted CA certificates.
The following fields are displayed on the CA certificate list:
Issued to: The certification authority to whom the certificate has been issued.
Issued by: The entity who has issued the CA certificate.
Expiration date: The date that the CA certificate will expire.
Filename: The file containing the CA certificate.
Select the Disable check box to prevent the use of a certificate revocation list (CRL). A CRL is used to check if any of the used server certificates have been revoked.
Note: Disabling CRL checking is a security risk and should be done for testing purposes only.
The OCSP Responder Service provides client applications a point of control for retrieving real-time information on the validity status of certificates using the Online Certificate Status Protocol (OCSP). For more information on OCSP, see RFC 2560.
Specifies whether the client will verify the server's hostname against the Subject Name or Subject Alternative Name (DNS Address) in the server's certificate.
If this check box is not selected, the fields in the server host certificate are not verified and the certificate is accepted based on validity period and CRL check only. Note that this is a possible security risk, as anyone with a certificate issued by the same trusted CA that issues the server host certificates can perform a man-in-the-middle attack on the server if a client has the endpoint identity check disabled.
This element defines whether the certificates are required to be compliant with the DoD PKI (US Department of Defense Public-Key Infrastructure).
Specify the HTTP proxy address.
Format: http://username@socks_server:port/network/netmask,network/netmask...
Specify the SOCKS proxy address.
Format: socks://username@socks_server:port/network/netmask,network/netmask...
An example of a proxy server setting:
socks://socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24
In this case, the host socks.ssh.com and port 1080 (default) are used as your SOCKS server for connections outside of networks 203.123.0.0 (16-bit domain) and 198.74.23.0 (8-bit domain). Those networks are connected directly. If this option is used, it should almost always contain the local loopback network (127.0.0.0/8) as a network that is connected directly.
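The rule format above can be checked before it is deployed. The following Python sketch is an added example, not code from the product: it parses a rule in the documented format, reports which destinations would be connected directly, and flags a rule whose direct list omits the loopback network. The names `parse_proxy_rule`, `uses_proxy` and `lacks_loopback` are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


@dataclass
class ProxyRule:
    scheme: str
    user: Optional[str]
    host: str
    port: Optional[int]
    direct: list  # networks that are reached without the proxy


def parse_proxy_rule(rule: str) -> ProxyRule:
    """Parse scheme://[user@]host[:port]/net/mask,net/mask..."""
    parts = urlsplit(rule)
    if parts.scheme not in ("socks", "http") or not parts.hostname:
        raise ValueError(f"not a socks:// or http:// proxy rule: {rule!r}")
    # The page gives 1080 as the SOCKS default; it states no HTTP default.
    port = parts.port or (1080 if parts.scheme == "socks" else None)
    nets = [n for n in parts.path.lstrip("/").split(",") if n]
    # strict=True rejects entries with host bits set, e.g. 198.74.23.5/24
    direct = [ipaddress.ip_network(n, strict=True) for n in nets]
    return ProxyRule(parts.scheme, parts.username, parts.hostname, port, direct)


def uses_proxy(rule: ProxyRule, dest: str) -> bool:
    """True if a connection to dest (an IP literal) goes through the proxy."""
    addr = ipaddress.ip_address(dest)
    return not any(addr in net for net in rule.direct)


def lacks_loopback(rule: ProxyRule) -> bool:
    """True if 127.0.0.0/8 is not covered by any directly connected network."""
    return not any(n.version == 4 and LOOPBACK.subnet_of(n) for n in rule.direct)


if __name__ == "__main__":
    # Rule string taken from the example on this page
    rule = parse_proxy_rule("socks://socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24")
    for dest in ("203.123.45.6", "198.74.23.9", "192.0.2.10", "127.0.0.1"):
        print(dest, "via proxy" if uses_proxy(rule, dest) else "direct")
    if lacks_loopback(rule):
        print("warning: 127.0.0.0/8 is not in the direct list")
```

Run against the page's example rule, the check reports that 127.0.0.1 would be sent to the SOCKS server, which is the situation the loopback recommendation is meant to avoid.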