Forum Discussion
Alias entry under wide IP
Hi Team,
One quick question, suppose we add an alias under GTM wide IP. shall we need to update LTM VIP also which is behind the gtm pool with client profile certificate? means certificate should also require this alias name in its san entry?
Thanks,
Neha
- NGupta23
Nimbostratus
Thankyou!!
from the Host name here are we referring URL/FQDN name we have A record for?
basically yes.
e.g. eventhough the url's fqdn is cnamed thousands times, the client's http and ssl/tls layer doesnt care about it.
these layers only read resulted ip address.- NGupta23
Nimbostratus
Thanks zamroni777
But it didn't work. we updated Alias but still its giving certificate error. so seems San name needed in Cert.
it's usually not needed.
in short, the hostnames in ssl certificate only need to match to the hostname of the http layer request.
client's ssl layer will automatically uses that http layer hostname for tls sni request field.
also, http and ssl/tls layer doesnt care about dns cname things.so if the hostname in http(s)://<hostname>/........... doesnt change, then you dont need to update the ssl cert.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com