Michael_107360
Aug 22, 2017

TLS Server Name Indicator using the Server Name parameter

TLS Server Name Indicator: When using a SAN cert, must you create a separate Client SSL profile for each name that is in the SAN certificate you want to use?

Would I then need Client_SSL_1 with Server Name = then create Client_SSL_2 with Server Name = investor.xyz.com? When no name is given I know the default is Common Name?

 

For instance you have a Certificate 1 SAN certificate: Common Name = Subject Alt = xyz.com

Certificate 2 SAN certificate: Common Name = Subject Alt = investor.com

Client_SSL_base
Client_SSL_fallback Certificate 1 default checked
Client_SSL_1a Certificate 1 ServerName =
Client_SSL_1b Certificate 1 ServerName = xyz.com
Client_SSL_2a Certificate 2 ServerName =
Client_SSL_2b Certificate 2 ServerName = investor.com

 

1 Reply

  • Hi,

    The default SNI behavior when multiple clientssl profiles are assigned to a VS is to read the subject and SAN values and use these values as the condition.

    Don't configure the Server Name field, but only check Default for SNI in one of the profiles.
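
A small model of the selection behavior the reply describes, added here as an illustration (it is not F5 code and not part of the original posts): each profile is matched on the subject and SAN names of its certificate, and the single default-for-SNI profile catches everything else. It assumes Certificate 1 carries both xyz.com and investor.xyz.com and that matching is exact-name only; `ClientSSLProfile`, `build_index` and `select_profile` are hypothetical names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientSSLProfile:
    name: str
    cert_names: frozenset      # subject CN + SAN dNSName entries of the profile's certificate
    sni_default: bool = False  # the "default for SNI" checkbox


def normalize(host):
    """Hostnames compare case-insensitively; drop a trailing root dot."""
    return host.strip().rstrip(".").lower()


def build_index(profiles):
    """Map each certificate name to its profile and find the SNI default."""
    defaults = [p for p in profiles if p.sni_default]
    if len(defaults) != 1:
        raise ValueError(f"expected exactly one default-for-SNI profile, found {len(defaults)}")
    index = {}
    for p in profiles:
        for n in map(normalize, p.cert_names):
            if n in index:  # the same name on two profiles makes selection ambiguous
                raise ValueError(f"{n!r} is in both {index[n].name} and {p.name}")
            index[n] = p
    return index, defaults[0]


def select_profile(profiles, sni):
    """Return the profile whose certificate names contain the SNI value, else the default."""
    index, default = build_index(profiles)
    if not sni:  # client sent no server_name extension
        return default
    return index.get(normalize(sni), default)


# Constructed sample: assumes Certificate 1 carries both xyz.com and investor.xyz.com.
PROFILES = [
    ClientSSLProfile("Client_SSL_1", frozenset({"xyz.com", "investor.xyz.com"}), sni_default=True),
    ClientSSLProfile("Client_SSL_2", frozenset({"investor.com"})),
]

if __name__ == "__main__":
    for sni in ("xyz.com", "Investor.XYZ.com", "investor.com", "unknown.example", None):
        print(sni, "->", select_profile(PROFILES, sni).name)
```

In this model a client that sends no SNI, or a name on neither certificate, is served the default profile's certificate, so that is the certificate to check when reviewing what the virtual server exposes to unmatched clients.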