What's the difference between server.certificate.hostname and server.certificate.subject policy condition.

book

Article ID: 168231

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Those two conditions are triggered Subject field in certificate, both.  However,  if certificate has Subject Alternative Name (SAN) in inside,  server.certificate.hostname hits the top of the DNS name.
 
For example, attached certificate here,
----
<ssl>
server.certificate.subject  = ".vo.msecnd.net" allow
server.certificate.hostname=".adn.azureedge.net" allow
-----
 
Both policy rule should match and allow for accessing to https://az216772.vo.msecnd.net site.

Cause

certificate

Attachments