server-hostname-validation

Use the server-hostname-validation stanza entry to control whether WebSEAL performs hostname validation on server certificates presented by junctioned servers.

Syntax

server-hostname-validation = {disabled|critical|warning}

Description

Specifies whether hostname validation will be performed on the server certificates which are presented by junctioned servers. If enabled, the DNS hostname of the configured server will be checked against the CN and SAN fields of the server certificate.

If the expected CN is specified during junction creation, using the '-O' option, hostname validation will not be performed.

You can customize this configuration item for a particular junction by adding the adjusted configuration item to a [junction:{junction_name}] stanza, where {junction_name} refers to the junction point for a standard junction (including the leading / character) or the virtual host label for a virtual host junction.

Options

disabled
No hostname validation will take place. This is the default.
critical
Hostname validation will take place and connections will be rejected if the validation fails.
warning
Hostname validation will take place, but connections will still be allowed if the validation fails. A warning message will, however, be displayed.

Usage

This stanza entry is optional.

Default value

disabled

Example

server-hostname-validation = critical
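
The following audit sketch is an added example, not IBM's code. It resolves the effective server-hostname-validation mode for each junction from the global entry and any [junction:{junction_name}] override, and lists junctions that would still accept a certificate whose CN and SAN do not match. The sample configuration is constructed, and the stanza name used for the global entry ([junction]) is an assumption, since this page does not name it. Junctions created with '-O' are not visible in the file and are not covered.

```python
ENTRY = "server-hostname-validation"
MODES = {"disabled", "critical", "warning"}

# Constructed sample. The stanza holding the global entry is assumed to be
# [junction]; any stanza not named junction:<name> is treated as global here.
SAMPLE_CONF = """\
[junction]
server-hostname-validation = warning

[junction:/payments]
server-hostname-validation = critical

[junction:/legacy]
server-hostname-validation = disabled
"""

def parse_modes(conf_text):
    """Return (global_mode, {junction_name: mode}) from stanza-style text."""
    global_mode, overrides, stanza = "disabled", {}, ""  # disabled is the default
    for raw in conf_text.splitlines():
        key, sep, value = (part.strip() for part in raw.partition("="))
        if key.startswith("[") and key.endswith("]"):
            stanza = key[1:-1]                 # stanza header, e.g. junction:/payments
        elif sep and key == ENTRY:             # comments and other entries are skipped
            if value not in MODES:
                raise ValueError(f"[{stanza}] invalid {ENTRY} value: {value!r}")
            if stanza.startswith("junction:"):
                overrides[stanza[len("junction:"):]] = value
            else:
                global_mode = value
    return global_mode, overrides

def audit(conf_text, junctions):
    """List (junction, mode, source) where a failed validation is not rejected."""
    global_mode, overrides = parse_modes(conf_text)
    return [(name, overrides.get(name, global_mode),
             "override" if name in overrides else "inherited")
            for name in junctions
            if overrides.get(name, global_mode) != "critical"]

if __name__ == "__main__":
    # /reports has no override stanza, so it inherits the global mode.
    for name, mode, source in audit(SAMPLE_CONF, ["/payments", "/legacy", "/reports"]):
        print(f"{name}: {mode} ({source})")
```

For a virtual host junction, pass the virtual host label instead of the junction point.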