Forum Discussion

fraguet_53463
Nov 06, 2018

Authentication name in server ssl profile and SAN field

Hello

 

In an SSL server profile, is the FQDN in the 'Authenticate Name' field compared only to the CN field of the certificate? Or is the SAN (Subject Alternative Names) field of the certificate also compared?

 

We have exchanges with a company currently presenting a certificate "*.company.com". So currently, we authenticate the server with "*.company.com" in the Authenticate Name field of the SSL server profile.

 

They will soon modify their certificate to have CN "company.com" and put "*.company.com" in the SAN part of the certificate.

 

How will the SSL server profile handle this? Will SSL fail because the CN of the certificate is not equal to the Authenticate Name field in the profile? Or will SSL be OK because the SAN field holds a name equal to the Authenticate Name field of the profile?

 

Thank you.

 

Fred

 

1 Reply

  • I believe the Authenticate Name only currently applies to the CN value. Irrespective of the Help section description, it's okay to leave this option empty. The most important options here are:

     

    • Server Certificate - set to require or ignore (the server certificate).
    • Trusted Certificate Authorities - a CA bundle used to validate the server certificate if the above is set to require.
    • Expire and Untrusted Certificate Response Controls - determines what to do if the server certificate is expired or untrusted.
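
A pre-change check for the certificate swap described in the question, added here as an example and not taken from the thread or from F5: it evaluates a configured name against the CN alone and against the CN plus DNS SAN entries. The function names and the matching rule are assumptions for illustration and do not establish which behaviour BIG-IP implements; the input dicts are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
def cert_names(cert):
    """Extract (CN, DNS SAN list) from a dict shaped like ssl.SSLSocket.getpeercert()."""
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return cn, sans


def name_matches(configured, presented):
    """Assumed rule: case-insensitive equality, or a left-most '*' label in the
    certificate name covering exactly one label of the configured name."""
    want = configured.lower().rstrip(".")
    have = presented.lower().rstrip(".")
    if want == have:
        return True
    if have.startswith("*."):
        head, _, tail = want.partition(".")
        return bool(head) and head != "*" and tail == have[2:]
    return False


def evaluate(cert, configured):
    """Check one configured name under both comparison policies from the thread."""
    cn, sans = cert_names(cert)
    cn_ok = cn is not None and name_matches(configured, cn)
    san_ok = any(name_matches(configured, s) for s in sans)
    return {"cn_only": cn_ok, "cn_or_san": cn_ok or san_ok}


# Constructed sample certificates, using the names from the question.
CURRENT_CERT = {"subject": ((("commonName", "*.company.com"),),)}
PLANNED_CERT = {
    "subject": ((("commonName", "company.com"),),),
    "subjectAltName": (("DNS", "*.company.com"),),
}

if __name__ == "__main__":
    for label, cert in (("current", CURRENT_CERT), ("planned", PLANNED_CERT)):
        print(label, evaluate(cert, "*.company.com"))
```

If the comparison is CN-only, the planned certificate stops matching a configured name of `*.company.com`, so the name in the profile would have to change in step with the certificate.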