Alias entry under wide IP

Question

&nbsp;Hi Team,One quick question, suppose we add an alias under GTM wide IP. shall we need to update LTM VIP also which is behind the gtm pool with client profile certificate? means certificate should also require this alias name in its san entry?&nbsp;Thanks,Neha

aswin_mk · Answer

NGupta23If you are using different URLS in an application, you must add the FQDN in SAN or use one wild card certificate for it.&nbsp;

zamroni777 · Answer

it's usually not needed.in short, the hostnames in ssl certificate only need to match to the hostname of the http layer request.client's ssl layer will automatically uses that http layer hostname for tls sni request field.also, http and ssl/tls layer doesnt care about dns cname things.so if the hostname in http(s)://&lt;hostname&gt;/........... doesnt change, then you dont need to update the ssl cert.

ngupta23 · Answer

Thankyou!!from the Host name here are we referring URL/FQDN name we have A record for?

zamroni777 · Answer

basically yes.e.g. eventhough the url's fqdn is cnamed thousands times, the client's http and ssl/tls layer doesnt care about it.these layers only read resulted ip address.

ngupta23 · Answer

Thanks zamroni777&nbsp;But it didn't work. we updated Alias but still its giving certificate error. so seems San name needed in Cert.

Forum Discussion

Alias entry under wide IP

6 Replies

Recent Discussions

On the R4800 series, sometimes ICMP does not work properly. Reboot fixes the problem

Request URL and Referel http header

Failed to add new DNS machine to the existing DNS sync-group

SNMP OIDs for monitoring

F5 Malicious Source IP Address Alert

Related Content

Modifying multiple entries in a datagroup via api?

SSL cert alias

How to Contribute an Article or a Codeshare Entry

Cannot modify Alias Service Port of a HTTP monitor

Crontab for backups - Entries not running