Forum Discussion
Authentication name in server ssl profile
Hi, I am kind of stuck while trying to configure a server ssl profile.
Under the "server authentication" section, I selected "require" for server certificate. As I want the SSL communication to be secure, I need to include the CN for the server under the "authenticate name" section. The problem is that I have 2 servers that are load-balanced. If I include both their CNs separated by a comma, the VIP fails on me.
I also tried a wildcard thing like "*.domain.com"; although it took the change, the VIP failed on me again.
I cannot do 2 separate server SSL profiles for the VIP so that I can refer to the server's CN under authenticate name in each SSL profile.
How can I solve this issue? Please advise ...
- Ferg_104721 Nimbostratus
Hi
- As ferg is already asking, what are you trying to accomplish: just encryption, or also authentication of the server via a specific certificate?
- brad_11480 Nimbostratus
See this is a few years old, but I am going down a similar path. I need to determine trust for the server, but the server may change so the server name will change.
It appears I could use an iRule and change the SSL::profile to match appropriately. But in my case the settings are all the same for the profile. The difference is that I want to plug in the correct server name (what I'm expecting the certificate to return as).
I want to validate the server so I can establish trust: require a certificate; if expired, drop; if untrusted, drop; and then, yes, we could allow any name, but trust should definitely check that the name is what is expected (any browser will do that!).
The cases where I see this happening are farms of servers that do not share a common certificate. In most cases here the application servers all have their own internal PKI-issued certificates. We trust the PKI and expect these to match. If they don't, somebody moved something or ...
I would really like to avoid having to define a server SSL profile for each of these servers, but use a single one and define the authenticate name.. perhaps this can be returned in an iRule for me to match.. I will dig into that..
Thanks all...
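
The per-member check described in the post above (require a certificate, drop if expired, drop if the name is not the one expected for that server), as an added Python example that is not from the thread and is not F5 or iRule code. The pool addresses, names and helper functions are constructed for illustration, the certificate dictionaries use the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and chain validation against the internal PKI is assumed to have been done already by the TLS stack.

```python
import ssl

# Constructed pool: each member IP maps to the one name its certificate must carry.
EXPECTED_NAME = {
    "192.0.2.11": "app1.corp.example",
    "192.0.2.12": "app2.corp.example",
}

def cert_names(cert):
    """DNS names from subjectAltName; fall back to the subject CN if there is no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_member(member_ip, cert, now):
    """Return 'accept' or a 'drop: ...' reason for one pool member's certificate."""
    expected = EXPECTED_NAME.get(member_ip)
    if expected is None:
        return "drop: no expected name configured"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "drop: expired"
    if not any(name_matches(n, expected) for n in cert_names(cert)):
        return "drop: name mismatch"
    return "accept"

def sample_cert(cn, not_after="Jan  1 00:00:00 2099 GMT", sans=()):
    """Constructed certificate dict in getpeercert() shape (not a real certificate)."""
    return {
        "subject": ((("commonName", cn),),),
        "subjectAltName": tuple(("DNS", s) for s in sans),
        "notAfter": not_after,
    }
```

Keeping one expected name per member, rather than one list shared by the whole pool, is what catches the "somebody moved something" case: a valid certificate for one member presented from another member's address is still dropped.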