Forum Discussion
NimbostratusCertificate to be generated on Cname record or actual url
Hi,
We have a users sending the request to url ( example : q1.abc.com ) which goes for dns resolution to local dns.
Local dns has a cname record for q1.abc.com pointing to q1.wip.abc.com. *.wip.abc.com is delegated to GTM.
GTM resolve q1.wip.abc.com to LTM VIP. We are doing ssl offloading on LTM.
Question is : do we need to generate CDR & certicate on q1.abc.com or q1.wip.abc.com
Thanks Amar
3 Replies
Cory_50405Noctilucent
q1.wip.abc.com is what you need the CSR generated for.
uniAltocumulus
This is incorrect. The CSR should be for q1.abc.com
HamishCirrocumulus
A longer answer to explain why, is that the certificate CN is checked by the broader against the hostname specified i the URL that is type dingo the browser. if the user types the name 'fred.domain.com', then the certificate has to be 'fred.domain.com'. It's this check that is used to verify (i..e the certificate CA is vouching for the authenticity of the name) that the end-user browser is connecting to the expected website.
H
