The purpose of this article is to provide a way to test the rules that use the "Server Certificate Validation" action.
A certificate is considered invalid when at least one of the following occurs:
- Common Name Mismatch / Wrong Host: When the SNI in the request does not match the Common Name included in the certificate or the SNI is not present as part of the SAN extension.
- Untrusted Issuer: When the certificate that the client receives or its issuer is not installed within the trusted certification authorities container in the browser.
- Expired Certificate: When the time limit (set when the certificate is created) is surpassed