For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wazir's avatar
wazir
Icon for Altostratus rankAltostratus
Jun 30, 2019

SSL Certificate with Wrong Hostname

SSL Certificate with Wrong Hostname The SSL certificate for this service is for a different host. The commonName (CN) of the SSL certificate presented on this service is for a different machine. Purc...
devops
F5 Cloud Services
Secure Web Gateway
security
WebSafe
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Jun 30, 2019

> solution provided on other sites : "Purchase or generate a proper certificate for this service."

 

This is the correct answer - you need to update your certificate with the appropriate CN name or Subject Alternative Name (SAN).

 

When someone connects to your website over SSL/TLS, you send them a certificate.

They compare the domain name they were connecting to (www.yoursite.com) to the CN and SAN of the presented certificate. If there is no match, their browser shows the warning.

 

With an LTM and a vs with a client-ssl profile and server-ssl profile, you can present the correct certificate from the virtual server, and you do not need to ensure that all the pool members have the correct certificate.

 

But you do need to have the matching certificate on your virtual server.

 

You will need to create a new Certificate Signing Request (CSR) for your Certificate Authority, and update the certificate.