Enabling host name verification
When you use FQDN-based certificates, the host name verification step of SSL protocol is bypassed due to TADDM scope definition restrictions. When you use IP-based certificates, you can enable the host name verification to fully secure the SSL connection.
TADDM scope definition is IP-address-based, not FQDN-based. Any FQDN value that is provided during the scope creation is immediately resolved to the IP address. The FQDN is not passed to the sensor when running the discovery. The sensor must use the IP address when trying to connect to the Data Power appliance. When the Data Power appliance certificate is FQDN-based, normally the SSL protocol error is raised to indicate a possible mismatch between the provided IP address and the FQDN of the service read from the certificate. To avoid this problem, the host name verification step is disabled by default.
When you use IP-based certificates, you can enable the host name verification step to fully secure the SSL connection.
- Choose the discovery profile used for your DataPower appliances discovery.
DataPowerSensorfrom the sensor list and click New.
- Change the value of the
bypassHostnameVerificationproperty to false, enable the configuration, and save it.
- Save the discovery profile.