Forum Discussion

Amarpreet_Sing1
Aug 13, 2014

Certificate to be generated on Cname record or actual url

Hi,

We have users sending requests to a URL (example: q1.abc.com), which goes for DNS resolution to the local DNS.

The local DNS has a CNAME record for q1.abc.com pointing to q1.wip.abc.com. *.wip.abc.com is delegated to GTM.

GTM resolves q1.wip.abc.com to the LTM VIP. We are doing SSL offloading on the LTM.

The question is: do we need to generate the CSR and certificate for q1.abc.com or q1.wip.abc.com?

Thanks,
Amar

3 Replies

    • uni

      This is incorrect. The CSR should be for q1.abc.com


  • Hamish

    A longer answer, to explain why, is that the certificate CN is checked by the browser against the hostname specified in the URL that is typed into the browser. If the user types the name 'fred.domain.com', then the certificate has to be 'fred.domain.com'. It's this check that is used to verify (i.e. the certificate CA is vouching for the authenticity of the name) that the end-user browser is connecting to the expected website.


    H
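
The name check discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of the client side, using the thread's hostnames. The VIP address, the function names and the single-label wildcard rule are assumptions for illustration; `cert_names` stands for the names the certificate carries (CN or subjectAltName entries).

```python
# Constructed DNS data mirroring the thread: local DNS CNAME, then the GTM answer.
CNAMES = {"q1.abc.com": "q1.wip.abc.com"}
A_RECORDS = {"q1.wip.abc.com": "192.0.2.10"}  # constructed LTM VIP (TEST-NET-1)


def resolve(name):
    """Follow the CNAME chain; return (list of names visited, final IP or None)."""
    chain = [name]
    while chain[-1] in CNAMES:
        target = CNAMES[chain[-1]]
        if target in chain:
            raise ValueError("CNAME loop")
        chain.append(target)
    return chain, A_RECORDS.get(chain[-1])


def name_matches(pattern, hostname):
    """Simplified match: exact, or '*' standing in for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def browser_accepts(url_host, cert_names):
    """The client compares the certificate with the URL host, not the CNAME target."""
    _chain, ip = resolve(url_host)  # DNS only decides where the connection goes
    if ip is None:
        return False
    return any(name_matches(n, url_host) for n in cert_names)


if __name__ == "__main__":
    for names in (["q1.abc.com"], ["q1.wip.abc.com"], ["*.wip.abc.com"], ["*.abc.com"]):
        print(names, "->", browser_accepts("q1.abc.com", names))
```

Both requests reach the same LTM VIP; only the certificates that carry a name matching q1.abc.com pass the check.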