Forum Discussion
Server SSL profile cert authentication behavior
I would like to know the relationship between the following 3 items under Server Authentication in the Server SSL profile:
1> Server Certificate: ignore or require
2> Expire Certificate Response Control: ignore or drop
3> Untrusted Certificate Response Control: ignore or drop
The document says that if I choose ignore under Server Certificate, the LTM will allow the connection anyway.
But what if I choose "ignore" under Server Certificate, and "drop" under the other 2 items: how would the LTM behave when it receives an untrusted cert from the backend server? Will it still ignore the cert error and allow the SSL handshake to be done? Or will it drop the connection attempt? Do those control options only take effect when the Server Certificate option is set to "require"?
Thanks a lot.
- Leonardo_Souza
1> Server Certificate: ignore or require
Same as in the client ssl profile, requires/ignores the other device to certificate.
2> Expire Certificate Response Control: ignore or drop
If ignore, it will allow connections with an expired certificate. If drop, it will drop the connection.
3> Untrusted Certificate Response Control: ignore or drop
Same as above, but in case the certificate was not signed by a trusted CA.
If you select ignore for server certificate, it does not matter if the certificate has expired or is not trusted; the connection will not fail because of the certificate.
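An audit sketch for the combination asked about in this thread, added here as an example and not part of the original posts or of F5's tooling: it parses text in the style of `tmsh list ltm profile server-ssl` output and flags profiles where Server Certificate is ignore, which, per the answer above, leaves the two drop controls without effect. The sample profiles are constructed, and treating an attribute that is not listed as `ignore` is an assumption.

```python
import re

# Constructed sample in the style of `tmsh list ltm profile server-ssl` output.
SAMPLE = """\
ltm profile server-ssl backend_ignore {
    peer-cert-mode ignore
    expire-cert-response-control drop
    untrusted-cert-response-control drop
}
ltm profile server-ssl backend_strict {
    peer-cert-mode require
    expire-cert-response-control drop
    untrusted-cert-response-control drop
}
ltm profile server-ssl backend_lenient {
    peer-cert-mode require
    untrusted-cert-response-control drop
}
"""
CONTROLS = ("expire-cert-response-control", "untrusted-cert-response-control")
# Assumption: an attribute absent from the listing is at "ignore".
DEFAULTS = {"peer-cert-mode": "ignore", **{c: "ignore" for c in CONTROLS}}

def parse_profiles(text):
    """Return {profile name: settings}, skipping nested { } sub-blocks."""
    profiles, name, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"ltm profile server-ssl (\S+) \{$", line)
        if header and depth == 0:
            name, depth = header.group(1), 1
            profiles[name] = dict(DEFAULTS)
        elif name is not None and line.endswith("{"):
            depth += 1
        elif name is not None and line == "}":
            depth -= 1
            name = name if depth else None
        elif name is not None and depth == 1 and line.split()[:1] and line.split()[0] in DEFAULTS:
            key, value = line.split(None, 1)
            profiles[name][key] = value
    return profiles

def audit(profiles):
    """Return {profile name: list of findings}; an empty list means nothing flagged."""
    findings = {}
    for name, cfg in profiles.items():
        if cfg["peer-cert-mode"] == "ignore":
            issues = ["server certificate not verified"]
            moot = [c for c in CONTROLS if cfg[c] == "drop"]
            if moot:  # the case from the question: ignore + drop
                issues.append("drop has no effect (per the answer): " + ", ".join(moot))
        else:
            issues = [c + " is ignore" for c in CONTROLS if cfg[c] == "ignore"]
        findings[name] = issues
    return findings
```
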