Troubleshooting
Problem
In order for Webseal to handle SSL requests, an SSL certificate has to be issued for the domain name registered for Webseal.
Symptom
N/A
Cause
Some customers have a requirement to have multiple domain names registered and used for the same Webseal server. Webseal is configured to use one SSL certificate which is issued for one domain name. If a user requests a certain domain name via an SSL channel and gets a certificate that belongs to another domain name, his browser will pop an alert for a security risk
Resolving The Problem
One very neat solution to a situation as such is to have the SSL certificate issued with the SAN property. Subject Alternative Name (SAN) is part of the X.509 standard for a public key certificate that permits the certificate to identify more than one entity or device.For example, a digital certificate that provides SSL encryption for domain name www.webseal1.com can also include www.webseal2.com as a SAN so that users would use either of www.webseal1.com or www.webseal2.com to access the same Webseal server.
In such case no extra configuration steps will be required on the Webseal's side. From a Webseal point of view this will be just another normal certificate that will be used as Webseal's certificate keyfile.
Certificate overview
SAN configured for 2 alternative host names
Connecting to www.webseal1.com
Connecting to www.webseal2.com
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21450542