Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A.
The host field in the HTTP header.
B.
The server name indication (SNI) extension in the client hello message.
C.
The subject alternative name (SAN) field in the server certificate.
When SSL certificate inspection is enabled on a FortiGate device, the system uses the following three pieces of information to identify the hostname of the SSL server:
Server Name Indication (SNI) extension in the client hello message (B):The SNI is an extension in the client hello message of the SSL/TLS protocol. It indicates the hostname the client is attempting to connect to. This allows FortiGate to identify the server's hostname during the SSL handshake.
Subject Alternative Name (SAN) field in the server certificate (C):The SAN field in the server certificate lists additional hostnames or IP addresses that the certificate is valid for. FortiGate inspects this field to confirm the identity of the server.
Subject field in the server certificate (D):The Subject field contains the primary hostname or domain name for which the certificate was issued. FortiGate uses this information to match and validate the server’s identity during SSL certificate inspection.
The other options are not used in SSL certificate inspection for hostname identification:
Host field in the HTTP header (A):This is part of the HTTP request, not the SSL handshake, and is not used for SSL certificate inspection.
Serial number in the server certificate (E):The serial number is used for certificate management and revocation, not for hostname identification.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit