Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A.
The subject field in the server certificate
B.
The subject alternative name (SAN) field in the server certificate
C.
The serial number in the server certificate
D.
The server name indication (SNI) extension in the client hello message
During the exchange of hello messages at the beginning of an SSL handshake, FortiGate parses server name indication (SNI) from client Hello, which is an extension of the TLS protocol.
The SNI tells FortiGate the hostname of the SSL server, which is validated against the DNS name before receipt of the server certificate.
If there is no SNI exchanged, then FortiGate identifies the server by the value in the Subject field or SAN (subject alternative name) field in the server certificate.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
drumigue
10 months, 2 weeks agototo74500
11 months ago