
SSL and "Subject CN mismatch vulnerability"

Question asked by jeevan.nayini912287 on Jan 22, 2018

Hello guys,

Our environment:

Our test cluster consists of 2 on-premise servers (not cloud), which in turn run 2 atoms respectively, and the requests are served by a single HAProxy load balancer.

Vulnerabilities:

We had to enable TLS 1.2 and get rid of the "CN mismatch vulnerability".

We requested new certificates on both servers with the load balancer's names as alias (SAN) and configured them. Then we enabled TLS 1.2 in the atom's config. We are using the load balancer's cert (as the LB is serving these requests to these servers) inside the Shared Web Server's SSL cert field (not sure if this is right).

Bamm, we enabled TLS 1.2 and disabled other protocols.

Outstanding vulnerability: "Subject CN mismatch"

Are we doing anything wrong here? Should we use server certificates in the Shared Web Server section with the load balancer's hostname as SAN?
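The two certificate layouts the question weighs, checked against the names a client or scanner might connect to. This is an added example, not part of the original post or of any vendor's code; it assumes the checker follows RFC 6125 matching (SAN DNS entries first, subject CN only as a fallback), and all hostnames and certificate contents are constructed placeholders.

```python
# Added example; every hostname and certificate here is a constructed placeholder.

def cert_names(cert):
    """Return (SAN DNS names, subject CNs) from an ssl.getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns


def name_matches(hostname, pattern):
    """Compare one hostname with one certificate name, case-insensitively.
    A '*' counts only when it is the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def audit(cert, hostnames):
    """Map each name a client or scanner connects to -> does the cert cover it?"""
    sans, cns = cert_names(cert)
    # RFC 6125: when SAN DNS entries exist they decide the match; CN is a fallback only.
    candidates = sans or cns
    return {h: any(name_matches(h, p) for p in candidates) for h in hostnames}


# Constructed: a cert issued only for the load balancer name.
LB_ONLY = {
    "subject": ((("commonName", "lb.example.test"),),),
    "subjectAltName": (("DNS", "lb.example.test"),),
}
# Constructed: a per-server cert that also lists the load balancer name as a SAN.
NODE1_WITH_LB_SAN = {
    "subject": ((("commonName", "node1.example.test"),),),
    "subjectAltName": (("DNS", "node1.example.test"), ("DNS", "lb.example.test")),
}
NAMES = ["lb.example.test", "node1.example.test"]

if __name__ == "__main__":
    for label, cert in (("LB-only", LB_ONLY), ("node1 + LB SAN", NODE1_WITH_LB_SAN)):
        for name, ok in audit(cert, NAMES).items():
            print(f"{label:15} {name:20} {'match' if ok else 'MISMATCH'}")
```

A mismatch is reported per connection name, so the result depends on whether the check reaches the servers through the load balancer name or through each server's own hostname.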
