This guide assumes that your Virtru Private Keystore (VPK) for Google Workspace is up and running. Follow these steps if you have recently deployed VPK, upgraded your TLS/SSL certificate, or added servers.
Initial System and Certificate Check
Verify Server Status
Begin by checking the status of your VPK server to ensure it is operational:
Validate Your SSL/TLS Certificate
Confirm that your SSL/TLS certificate is properly installed and valid:
- Run the following command to check the certificate details:
openssl s_client -connect csesrv.yourdomain.com:443 -servername csesrv.yourdomain.com
- Verify the certificate chain to ensure it is complete and correctly installed.
Encryption and Decryption Google Workspace Document Test
Send Encrypted Content
To further validate encryption functionality, test Google Workspace document encryption:
- Log into Google Drive.
- Click New and navigate to Docs, Sheets, or Slides.
- Select Blank encrypted document.
- Share the document with someone in your organization.
- Ensure that the recipient can access and edit the document.
Verify Decryption
- Have the other user within the organization open the encrypted content.
- Ensure that you and the recipient can successfully decrypt the message.
- If decryption is successful, your VPK is functioning correctly.
Service Disruption Test
If the encrypted document is accessible, proceed with the following steps to further test system resilience:
Access the Server
- SSH into your VPK server:
ssh user@your-vpk-server
- Identify the running container:
docker ps
Stop the Container
- Obtain the container ID from the docker ps command output.
- Stop the container using:
docker stop <container_ID>
Verify System Behavior
During this time:
- FQDN Access: Attempt to access https://csesrv.yourdomain.com/status. It should be unreachable.
- Google Workspace Document Access: Refresh the content or close and reopen. Attempt to access the encrypted document in Drive. Access should be denied.
- Confirm that both you and the other person are unable to decrypt the content.
Restart the Container
- Restart the container using:
docker start <container_ID>
- Reattempt email decryption and access the encrypted content to ensure that the VPK is functioning again.
Troubleshooting
If email or document decryption fails at any point, follow these troubleshooting steps:
Verify SSL/TLS Certificate Chain
- Ensure that your certificate is correctly installed and the chain is complete.
- Run:
openssl s_client -connect csesrv.yourdomain.com:443 -servername csesrv.yourdomain.com -showcerts
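The certificate check and the -showcerts command above both print a lot of output. The following added example (not part of the original guide or of Virtru's tooling) reduces it to the two things that matter: how many certificates the server sent and OpenSSL's verify result. The function names and sample output are constructed, and treating a leaf-only response as an incomplete install is an assumption that holds for certificates issued through an intermediate CA.

```sh
# Added example, not Virtru tooling. Reads `openssl s_client -showcerts` output on stdin.
# Exit status: 0 = chain verified and an intermediate was sent; 1 = verification failed
# or no result line; 2 = verified but leaf only (assumed incomplete install).
summarize_s_client() {
  ssc_out=$(cat)
  ssc_certs=$(printf '%s\n' "$ssc_out" | grep -c -e '-----BEGIN CERTIFICATE-----' || true)
  ssc_verify=$(printf '%s\n' "$ssc_out" | sed -n 's/^ *Verify return code: *//p' | tail -n 1)
  echo "certs_sent=$ssc_certs verify=${ssc_verify:-none}"
  case "$ssc_verify" in
    "0 (ok)") ;;
    *) return 1 ;;
  esac
  [ "$ssc_certs" -ge 2 ] || return 2
}

# Live check; pass your own FQDN (csesrv.yourdomain.com is the guide's placeholder).
check_vpk_tls() {
  openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
    summarize_s_client
}

# Constructed sample (certificate bodies omitted): leaf plus intermediate, verified.
sample_complete() {
  cat <<'EOF'
Certificate chain
 0 s:CN = csesrv.yourdomain.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Verify return code: 0 (ok)
EOF
}

# Constructed sample: intermediate missing from the server configuration.
sample_incomplete() {
  cat <<'EOF'
Certificate chain
 0 s:CN = csesrv.yourdomain.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Verify return code: 21 (unable to verify the first certificate)
EOF
}

sample_complete | summarize_s_client || true
sample_incomplete | summarize_s_client || true
```

Against a live server, run check_vpk_tls csesrv.yourdomain.com and act on the exit status.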
By following this process, you can verify that your VPK setup is functioning correctly and securely.