Forum Discussion

fraguet_53463's avatar
fraguet_53463
Icon for Nimbostratus rankNimbostratus
Nov 06, 2018

Authentication name in server ssl profile and SAN field

Hello

 

In a SSL server profile, the FQDN name in the field 'Authenticate Name' is compare only to the CN field of the certificate ? Or the SAN (Subject Alternative Names) field of the certificate is also compared ?

 

We have exchanges with a company actually presenting a certificate " *.company.com ". So actually, we authenticate the server with " *.company.com " in the Authenticate Name field of the SSL server profile.

 

They will soon modify their certificate with CN " company.com " and put " *.company.com " in the SAN part of the certificate.

 

How the SSL server profile will handle this ? SSL will fail because the CN of the certificate is not equal to the Authenticate Name field in the profile ? Or SSL will be ok because the SAN field handle a name equal to the Authenticate Name field of the profile ?

 

Thank you.

 

Fred

 

  • I believe the Authenticate Name only currently applies to the CN value. Irrespective of the Help section description, it's okay to leave this option empty. The most important options here are,

     

    • Server Certificate - set to require or ignore (the server certificate).
    • Trusted Certificate Authorities - a CA bundle used to validate the server certificate if the above is set to require.
    • Expire and Untrusted Certificate Response Controls - determines what to do if the server certificate is expired or untrusted.