Forum Discussion
Authentication name in server ssl profile
I see this is a few years old, but I am going down a similar path. I need to determine trust for the server, but the server may change, so the server name will change.
It appears I could use an iRule and change the SSL::profile to match appropriately. But in my case the settings are all the same for the profile. The difference is that I want to plug in the correct server name (what I'm expecting the certificate to return as).
I want to validate the server so I can establish trust: require a certificate; if expired, drop; if untrusted, drop; and then, yes, we could allow any name, but trust should definitely check that the name is what is expected (any browser will do that!).
Cases where I see this happening are farms of servers that do not share a common certificate. In most cases here the application servers all have their own internal PKI-issued certificates. We trust the PKI and expect these to match. If they don't, somebody moved something or ...
I would really like to avoid having to define a server SSL profile for each of these servers, but use a single one and define the authenticate name. Perhaps this can be returned in an iRule for me to match. I will dig into that.
Thanks all...