our Test Cluster consists of 2 on premise servers( not Cloud) which in turn runs 2 atoms respectively and the requests are served by a single HA proxy load Balancer.
we had to Enable TLS 1.2 and get rid of " CN mismatch Vulnerability"
we requested new certificates on both servers with Loadbalancers Names as Alias ( SAN) and configured them. then we enabled TLS 1.2 in atom's config. we are using Load balancer's cert( as LB is serving these requests to these servers) inside Shared Webserver's SSL cert field( Not sure if this is right).
Bamm, we enabled TLS.1.2 and Disabled other protocols
outstanding Vulnerability: " Subject CN mismatch"
are we doing anything wrong here. Should we use Server certificates in shared webserver section with Load balancer's hostname as SAN?