This guide assumes that your Virtru Private Keystore (VPK) is up and running. You can follow these steps if you have recently deployed, upgraded your TLS/SSL certificate, or added additional servers.
Initial System and Certificate Check
- Verify Server Status
  - Begin by checking the status of your VPK server to ensure it is operational.
    FQDN: https://cks.yourdomain.com/status
- Validate Your SSL/TLS Certificate
  - Confirm that your certificate is properly installed and valid.
Email Encryption and Decryption Test
Once your initial checks are successful and the VPK server is running, follow these steps:
- Send an Encrypted Email
  - Send an encrypted outbound email to both the Deployment Engineer (DE) and your personal email account.
- Verify Decryption
  - Ensure that you can successfully decrypt the email. If decryption is successful, your VPK is functioning correctly.
Service Disruption Test
If the email decryption is successful, proceed with the following steps to further test the system:
- Access the Server
  - SSH into your VPK server and run the command below to identify the running container:
    docker ps
- Stop the Container
  - Once you have the container ID, stop the container with the following command:
    docker stop <container ID>
- Notify the Deployment Engineer
  - Inform the DE once the container is stopped. Keep the container offline for one hour. During this time:
    - Access to FQDN: You should not be able to access the URL:
      https://cks.yourdomain.com/status
    - Email Decryption: You should not be able to decrypt the previously sent encrypted email.
- Verify System Behavior
  - Confirm that neither you nor the DE can decrypt the email or access the FQDN.
- Restart the Container
  - After the one-hour period, restart the container using:
    docker start <container ID>
Troubleshooting
If email decryption fails at any point, verify that your certificate chain is correct. A common cause is a typo in the chain or an incomplete certificate chain.
Also, ensure that the Virtru backend configuration is correct to prevent further issues.
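The status check, the certificate validation and the disruption test above can be scripted; the following is an added example, not Virtru tooling or part of the original guide. It assumes that a healthy status endpoint returns HTTP 200, and the script name vpk_check.sh, the VPK_HOST variable and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Virtru tooling. The host is the guide's placeholder FQDN.
VPK_HOST="${VPK_HOST:-cks.yourdomain.com}"

# Constructed sample: s_client summary line when the server omits its intermediate.
SAMPLE_INCOMPLETE='Verify return code: 21 (unable to verify the first certificate)'

# Print the TLS handshake report for host $1 (network call).
fetch_handshake() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null
}

# Print the HTTP status of https://$1/status; curl prints 000 when it cannot connect.
status_code() {
  curl -s -o /dev/null -m 10 -w '%{http_code}' "https://$1/status" || true
}

# Read s_client output on stdin and classify the chain by its verify code.
classify_chain() {
  vc_code=$(sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
  case "$vc_code" in
    0)     echo ok ;;
    10)    echo expired ;;
    20|21) echo incomplete-chain ;;  # issuer or intermediate certificate missing
    "")    echo no-handshake ;;      # nothing answered on port 443
    *)     echo "verify-error-$vc_code" ;;
  esac
}

# $1 = expected state (up|down), $2 = HTTP code. Assumption: "up" means HTTP 200.
state_matches() {
  case "$1:$2" in
    up:200)   return 0 ;;
    up:*)     return 1 ;;
    down:200) return 1 ;;
    down:*)   return 0 ;;
    *)        return 2 ;;
  esac
}

# Live run only when asked: ./vpk_check.sh up   (use "down" while the container is stopped)
if [ "${1:-}" = "up" ] || [ "${1:-}" = "down" ]; then
  code=$(status_code "$VPK_HOST")
  echo "status endpoint: HTTP $code"
  echo "certificate chain: $(fetch_handshake "$VPK_HOST" | classify_chain)"
  state_matches "$1" "$code" && echo "PASS: server is $1" || echo "FAIL: expected $1"
fi
```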
By following this process, you can verify that your VPK setup is functioning correctly and securely.