MH
Oct 26, 2022

CNAME redirection to GTM certificate SAN requirement

Hello All,

If we are using a CNAME record to redirect DNS requests to the listener on the GTM / DNS module, does the server certificate have to include both the original FQDN and the FQDN referenced by the CNAME?

I do not believe so, but I have been asked to quadruple-check this.

Often Internet sites use CNAME DNS records to redirect traffic to content delivery networks like Akamai, and I doubt the end site will need to include the Akamai FQDN or wildcard domain in the end server certificate. The web browser will still show the original FQDN in the URL bar and not the CNAME FQDN name.

Regards,

Michael

  • To be honest, this is not an F5-related question but a general question about how DNS CNAME and SSL cert CN/SAN/SNI work together, but I think you should just check the Internet, as there is enough data for such general questions.

  • CNAME is at the DNS level. If the CNAME FQDN is in the cert, you are fine. Your browser/connection will use the request FQDN and not the CNAME branching.

    We don't add the underlying names of our VIPs, just the application FQDN in our SSL certs. We have never had an issue.
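
The check discussed in this thread, as an added example that is not part of any post: a TLS client verifies the certificate against the FQDN it was asked to open, while the CNAME chain only decides which address it connects to. The host names, the sample certificates (in the dict shape returned by Python's `getpeercert()`) and the simplified wildcard rule are assumptions made for illustration.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """Simplified rule: exact match, or '*' standing for the leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, hostname):
    return any(name_matches(p, hostname) for p in san_dns_names(cert))

def evaluate(requested_fqdn, cname_chain, cert):
    """'accepted' depends only on the requested name; the CNAME targets are
    reported for information and never influence the verdict."""
    return {
        "accepted": cert_covers(cert, requested_fqdn),
        "cname_targets_in_cert": [n for n in cname_chain if cert_covers(cert, n)],
    }

def probe(requested_fqdn, connect_host, port=443):
    """Live variant: connect to connect_host (for example the CNAME target) but
    send SNI and verify the certificate for requested_fqdn. Raises
    ssl.SSLCertVerificationError when the certificate does not cover it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((connect_host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=requested_fqdn) as tls:
            return san_dns_names(tls.getpeercert())

# Constructed sample data; all names are hypothetical.
REQUESTED = "app.example.com"
CNAME_CHAIN = ["app.gtm.example.net"]
CERT_APP_ONLY = {"subjectAltName": (("DNS", "app.example.com"),)}
CERT_TARGET_ONLY = {"subjectAltName": (("DNS", "app.gtm.example.net"),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in [("app only", CERT_APP_ONLY),
                        ("CNAME target only", CERT_TARGET_ONLY),
                        ("wildcard", CERT_WILDCARD)]:
        print(label, evaluate(REQUESTED, CNAME_CHAIN, cert))
```

`probe()` needs network access and is not called by the offline demonstration; it performs the same comparison against a real listener.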