Forum Discussion
elamri_304806
Nimbostratus
NimbostratusCommon name SSL F5
hello team,
I have a problem with a certification deployed on F5.
Currently this certification have the CN : lab1.mycompany.lan
So the problem is when i change the link of my applicati...
If you access a website that has a different hostname compared to the Common Name specified in the certificate, you will be able to access the site without any issues but you must be getting a warning message on your browser that says the certificate presented to you by the server (F5, in this case) is dedicated to a different hostname.
None of this should prevent your website from loading, but the untrusted warning message will continue to persist until you rectify that to match the certificate common name. To address this, one way to do it is have a wildcard certificate with CN: *.mycompany.lan and apply this to your profile.
However, if you want to have dedicated certificate for "lab2.mycompany.lan" and use the other wildcard certificate for all other subdomains of mycompany.lan, then you can make use of our Server Name Indication feature: https://support.f5.com/csp/article/K13452
Ilian_IvanovNimbostratus
NimbostratusHello,
It is normal that you can access your site from different URLs, even it is SSL and you have only 1 CN. You can have a lot of DNS entries pointing to the same location. But if the certificate CN is lab1.mycompany.lan you will get certificate warning when you try with lab2.mycompany.lan. You can skip the warning and continue to the site.
If you want that site to be reached only from URL- lab1.mycompany.lan, you will need to use an iRule like that one:
when HTTP_REQUEST {
if { [HTTP::host] equals "lab1.mycompany.lan" } {
pool myhttppool
}
else {
drop
}
}