Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Certificate to be generated on Cname record or actual url

Hi,

We have a users sending the request to url ( example : q1.abc.com ) which goes for dns resolution to local dns.

Local dns has a cname record for q1.abc.com pointing to q1.wip.abc.com. *.wip.abc.com is delegated to GTM.

GTM resolve q1.wip.abc.com to LTM VIP. We are doing ssl offloading on LTM.

Question is : do we need to generate CDR & certicate on q1.abc.com or q1.wip.abc.com

Thanks Amar

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

A longer answer to explain why, is that the certificate CN is checked by the broader against the hostname specified i the URL that is type dingo the browser. if the user types the name 'fred.domain.com', then the certificate has to be 'fred.domain.com'. It's this check that is used to verify (i..e the certificate CA is vouching for the authenticity of the name) that the end-user browser is connecting to the expected website.

H

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

q1.wip.abc.com is what you need the CSR generated for.

-1
Comments on this Answer
Comment made 02-Jul-2018 by uni 1155

This is incorrect. The CSR should be for q1.abc.com

0