Forum Discussion
Authentication name in server ssl profile and SAN field
Hello
In an SSL server profile, is the FQDN name in the field 'Authenticate Name' compared only to the CN field of the certificate? Or is the SAN (Subject Alternative Names) field of the certificate also compared?
We have exchanges with a company actually presenting a certificate "*.company.com". So actually, we authenticate the server with "*.company.com" in the Authenticate Name field of the SSL server profile.
They will soon modify their certificate with CN "company.com" and put "*.company.com" in the SAN part of the certificate.
How will the SSL server profile handle this? Will SSL fail because the CN of the certificate is not equal to the Authenticate Name field in the profile? Or will SSL be OK because the SAN field holds a name equal to the Authenticate Name field of the profile?
Thank you.
Fred
- Kevin_Stewart (Employee)
I believe the Authenticate Name only currently applies to the CN value. Irrespective of the Help section description, it's okay to leave this option empty. The most important options here are:
- Server Certificate - set to require or ignore (the server certificate).
- Trusted Certificate Authorities - a CA bundle used to validate the server certificate if the above is set to require.
- Expire and Untrusted Certificate Response Controls - determines what to do if the server certificate is expired or untrusted.
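
An added example, not part of the thread and not F5 code: a Python check that reports whether a configured name appears in a certificate's CN, its SAN list, or both, run against constructed stand-ins for the current and planned certificates from the question. The function names, the sample certificates and the case-insensitive string comparison are assumptions; a result of `san` means a CN-only comparison would not find the name.

```python
import socket
import ssl

def name_fields(cert):
    """Return (CN list, DNS SAN list) from a dict in ssl.getpeercert() format."""
    cns = [value for rdn in cert.get("subject", ())
           for key, value in rdn if key == "commonName"]
    sans = [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]
    return cns, sans

def where_name_appears(cert, authenticate_name):
    """Classify where the configured name occurs: 'cn', 'san', 'both' or 'none'.

    Assumption: the comparison is a case-insensitive string match, so
    '*.company.com' matches only a field that literally holds '*.company.com'.
    """
    wanted = authenticate_name.lower()
    cns, sans = name_fields(cert)
    in_cn = wanted in (c.lower() for c in cns)
    in_san = wanted in (s.lower() for s in sans)
    if in_cn and in_san:
        return "both"
    return "cn" if in_cn else "san" if in_san else "none"

def fetch_cert(host, port=443):
    """Fetch the validated peer certificate of a live server (not called below)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificates mirroring the two cases in the question.
CURRENT_CERT = {"subject": ((("commonName", "*.company.com"),),)}
PLANNED_CERT = {
    # organizationName is a constructed extra RDN to show non-CN fields are skipped.
    "subject": ((("organizationName", "Company"),),
                (("commonName", "company.com"),)),
    "subjectAltName": (("DNS", "*.company.com"),),
}

if __name__ == "__main__":
    for label, cert in (("current", CURRENT_CERT), ("planned", PLANNED_CERT)):
        print(label, where_name_appears(cert, "*.company.com"))
```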