Alias entry under wide IP

Question

&nbsp;Hi Team,One quick question, suppose we add an alias under GTM wide IP. shall we need to update LTM VIP also which is behind the gtm pool with client profile certificate? means certificate should also require this alias name in its san entry?&nbsp;Thanks,Neha

aswin_mk · Answer

NGupta23If you are using different URLS in an application, you must add the FQDN in SAN or use one wild card certificate for it.&nbsp;

zamroni777 · Answer

it's usually not needed.in short, the hostnames in ssl certificate only need to match to the hostname of the http layer request.client's ssl layer will automatically uses that http layer hostname for tls sni request field.also, http and ssl/tls layer doesnt care about dns cname things.so if the hostname in http(s)://&lt;hostname&gt;/........... doesnt change, then you dont need to update the ssl cert.

ngupta23 · Answer

Thankyou!!from the Host name here are we referring URL/FQDN name we have A record for?

zamroni777 · Answer

basically yes.e.g. eventhough the url's fqdn is cnamed thousands times, the client's http and ssl/tls layer doesnt care about it.these layers only read resulted ip address.

ngupta23 · Answer

Thanks zamroni777&nbsp;But it didn't work. we updated Alias but still its giving certificate error. so seems San name needed in Cert.

Forum Discussion

Alias entry under wide IP

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Modifying multiple entries in a datagroup via api?

SSL cert alias

How to Contribute an Article or a Codeshare Entry

Cannot modify Alias Service Port of a HTTP monitor

Crontab for backups - Entries not running

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS