SSL validation with client (browser) in case of URL redirection

Question

we have a task to redirect a URL say abc.com to  on the GTM.&nbsp;
Currently we have a cname to point  to  , since we are using sd.com zone for doing global load balancing.
The  is pointing to reverse proxys which have the certificate with name "; on them.&nbsp;
so if i proceed to create a cname to point abc.com to  ( cname ) will it throw certificate errors ?
since the cert name is  and not  nor is it having the initial requestors abc.com. as a san name. I think this will fail certificate validation. Can anyone please confirm on this.&nbsp;
If i am correct, i think i should make this redirection to avoid certificate issues.&nbsp;
1) point abc.com to  instead of directly pointing it to  ( and since  will redirect to  since its related CNAME is already existing ).&nbsp;
This way the broswer will be in its request, also include a mention of  and thus the certificate name will also match and validation will be successful.&nbsp;
Please correct me if am wrong.&nbsp;
Thanks
Sri Charan Rache&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
Certificate validation doesn’t follow dns cname.&nbsp;
If your browser requests abc.com, certificate must include abc.com in SAN (or Subject but if SAN exists, subject is ignored, and chrome decided to make subject validation deprecated)&nbsp;

Forum Discussion

SSL validation with client (browser) in case of URL redirection

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

POC: Validate JWT with iRule

Redirect Location header validator

Implementing SSL Orchestrator - Validation & Troubleshooting

APM Customization: Password Change Validation

Request and validate OAuth / OIDC tokens with APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS