search cancel

Test Server Certificate Validation rules in the VPM


Article ID: 172409


Updated On:


ProxySG Software - SGOS


The purpose of this article is to provide a way to test the rules that use the "Server Certificate Validation" action.

A certificate is considered invalid when at least one of the following occurs:

  • Common Name Mismatch / Wrong Host: When the SNI in the request does not match the Common Name included in the certificate or the SNI is not present as part of the SAN extension.
  • Untrusted Issuer: When the certificate that the client receives or its issuer is not installed within the trusted certification authorities container in the browser.
  • Expired Certificate: When the time limit (set when the certificate is created) is surpassed


The following sites offer us the possibility to test each of the given options in a safe manner:

Common Name Mismatch / Wrong Host:

Untrusted Issuer:

Expired Certificate: