Using SNI with SSL intercept is not working in a forward proxy deployment
Last Updated April 21, 2018
SNI (Server Name Indication) is an extension of the TLS protocol, and is used by the client to indicate the hostname the client is attempting to connect to at the start of the SSL handshake. This allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites to be server off the same IP address without requiring all those sites to use the same certificate.
Users whose browsers (or Proxies) do not support SNI will be presented with a default certificate and hence are likely to receive certificate warnings,(or missing images or objects) unless the server is equipped with awildcard cardthat matches the name of the website.
The use of SNI was introduced in to SGOS versions 6.2. Users of older SGOS versions including 5.4 and 5.5 will need to upgrade to at least 6.2 for SNI to work properly.
6.7.4.x versions introduced SNI support for Reverse Proxy deployments. Refer to the 6.7.4.X Release Notes for more information
Imported Document ID: 000014488
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.