Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
# config firewall ssl-ssh-profile
    edit
        config https
            set sni-server-cert-check [enable* | strict | disable]
Enable: If the SNI does NOT match the CN or SAN fields in the returned server's certificate, FG uses the CN field instead of the SNI to obtain the FQDN.
Strict: If the SNI does NOT match the CN or SAN fields in the returned server's certificate, FG closes the connection.
Disable: FG does not check the SNI.