Forum Discussion
Arun_Bhardwaj_1
Cirrus
Cirruscan we open login f5 through http and block https? so will not get SSL error.
can we open login f5 through http and block https? so will not get SSL error.
We are having link load balancer. And during security audit in our company we are shown SSL vulnerablity on public I...
Eklas1974_20500
Nimbostratus
NimbostratusHello,
I am getting (SSL Certificate - Signature Verification Failed Vulnerability) only for the cert in which there are multiple subjects (Subject Alternative Name) ...this specific cert is used to multiple stage envs ( it's like a bundle)...
any idea if there is anything special I need to do for this cert to pass the scan?
StephanMantheyNacreous
Hi, you are using a SAN certificate as device certificate? It should not be a problem. Make sure the name used as CN is contained in the list of alternative names as well. In case it contains IP addresses the labels in the alternative names should be IP instead of DNS. For a device certificate it is very important to have both the purpose flags to act as server cert and as client cert. Does the GTM trust the signing CA? Is the certificate imported to device certs, trusted certs and to GTM server trusted certs? On weekend I can upload a script covering creation of a cert containing alternative names, being valid for 10 years, based on 2.048 bit key and copies it to all required locations. Thanks, Stephan
