This guide assumes that your Virtru Private Keystore (VPK) is up and running. You can follow these steps if you have recently deployed, upgraded your TLS/SSL certificate or added additional servers.
Initial System and Certificate Check
- Verify Server Status
-
Begin by checking the status of your VPK server to ensure it is operational.
You might need to add your Workstation IP address to your firewall rule to test your access.
FQDN: https://cks.yourdomain.com/status
-
- Validate Your SSL/TLS Certificate
Confirm that your certificate is properly installed and valid.
Email Encryption and Decryption Test
Once your initial checks are successful and the VPK server is running, follow these steps:
- Send an Encrypted Content
- Install the Virtru Gmail Extension or Microsoft Add-In
- Log Into your Virtru Secure Share: https://[your_custom_subdomain].secure.virtru.com/secure-share
- Send an encrypted outbound email or a Secure Share content to both the Virtru Solutions Architect and your personal email account.
- Verify Decryption
- Ensure that you can successfully decrypt the email. If decryption is successful, your VPK is functioning correctly.
Service Disruption Test
If the email decryption is successful, proceed with the following steps to further test the system:
- Access the Server
-
SSH into your VPK server and run the command below to identify the running container:
docker ps
-
- Stop the Container
-
Once you have the container ID, stop the container with the following command:
docker stop <container ID>
-
- Notify the Virtru Solutions Architect
- Inform the Solutions Architect once the container is stopped. Keep the container offline for one hour. During this time:
-
Access to FQDN: You should not be able to access the URL:
https://cks.yourdomain.com/status - Email Decryption: You should not be able to decrypt the previously sent encrypted email.
-
- Inform the Solutions Architect once the container is stopped. Keep the container offline for one hour. During this time:
- Verify System Behavior
- Confirm that both you and the Virtru Solutions Architect are unable to decrypt the email and access the FQDN.
- Restart the Container
-
After the one hour period, restart the container using:
docker start <container ID>
-
Troubleshooting
If email decryption fails at any point, verify that your certificate chain is correct. A common issue is a typo or incomplete certificate chain.
Also, ensure that the Virtru backend configuration is correct to prevent further issues.
By following this process, you can verify that your VPK setup is functioning correctly and securely.