SSL validation with client (browser) in case of URL redirection

Question

we have a task to redirect a URL say abc.com to  on the GTM.&nbsp;
Currently we have a cname to point  to  , since we are using sd.com zone for doing global load balancing.
The  is pointing to reverse proxys which have the certificate with name "; on them.&nbsp;
so if i proceed to create a cname to point abc.com to  ( cname ) will it throw certificate errors ?
since the cert name is  and not  nor is it having the initial requestors abc.com. as a san name. I think this will fail certificate validation. Can anyone please confirm on this.&nbsp;
If i am correct, i think i should make this redirection to avoid certificate issues.&nbsp;
1) point abc.com to  instead of directly pointing it to  ( and since  will redirect to  since its related CNAME is already existing ).&nbsp;
This way the broswer will be in its request, also include a mention of  and thus the certificate name will also match and validation will be successful.&nbsp;
Please correct me if am wrong.&nbsp;
Thanks
Sri Charan Rache&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
Certificate validation doesn’t follow dns cname.&nbsp;
If your browser requests abc.com, certificate must include abc.com in SAN (or Subject but if SAN exists, subject is ignored, and chrome decided to make subject validation deprecated)&nbsp;

Forum Discussion

SSL validation with client (browser) in case of URL redirection

1 Reply

Recent Discussions

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

POC: Validate JWT with iRule

Ending an APM session when browser tab is closed

Anchor Link Redirect

Removal Cookies on Client Browser

Redirect Location header validator