webseal-cert-keyfile-sni
Use the webseal-cert-keyfile-sni stanza entry to configure WebSEAL to send a server certificate that contains a host name, which matches the host name in the initial browser request.
webseal-cert-keyfile-sni = <host_name>:<label>
Description
This configuration has the following requirements:
- The user connects to WebSEAL over TLS. SSLv2 and SSLv3 are not supported.
- The browser supports Server Name Indication.
Use the webseal-cert-keyfile-sni configuration entry to specify the certificate that WebSEAL sends for a particular host name.
You can specify this configuration entry multiple times. Specify a separate entry for each server certificate.
If WebSEAL does not find an entry for the host name in the browser request, WebSEAL sends the default certificate specified by the webseal-cert-keyfile-label entry. WebSEAL also uses the default certificate if the request does not meet the Server Name Indication requirements, for example, if the browser does not support Server Name Indication.
Options
<host_name> The name of the host to which WebSEAL returns the certificate.
<label> The label of the certificate for WebSEAL to use. Specify the certificate that contains a dn value of cn=<host_name>.
Usage: Optional
Default value: None.
Example:
webseal-cert-keyfile-sni = hostA.abc.ibm.com:hostAcert
webseal-cert-keyfile-sni = vhostB.abc.ibm.com:vhostBcert
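
The following is an added example, not IBM code: a small audit that parses the entries, models the selection and default-fallback behavior described above, and flags labels whose certificate cn does not match <host_name>. The function names, the "defaultcert" label, the label-to-cn inventory and case-insensitive host matching are assumptions made for illustration.

```python
from typing import Optional

# Constructed sample stanza lines; "defaultcert" is a placeholder label.
SAMPLE_CONF = """\
webseal-cert-keyfile-label = defaultcert
webseal-cert-keyfile-sni = hostA.abc.ibm.com:hostAcert
webseal-cert-keyfile-sni = vhostB.abc.ibm.com:vhostBcert
"""

# Constructed inventory (label -> subject cn); vhostBcert is mismatched on purpose.
SAMPLE_CERT_CNS = {
    "defaultcert": "webseal.abc.ibm.com",
    "hostAcert": "hostA.abc.ibm.com",
    "vhostBcert": "hostB.abc.ibm.com",
}

def parse_conf(text):
    """Return (default_label, {host_name: label}) from stanza lines."""
    default, sni = None, {}
    for raw in text.splitlines():
        if "=" not in raw:
            continue
        key, value = (part.strip() for part in raw.split("=", 1))
        if key == "webseal-cert-keyfile-label":
            default = value
        elif key == "webseal-cert-keyfile-sni":
            host, sep, label = value.partition(":")
            if not sep or not host or not label:
                raise ValueError(f"expected <host_name>:<label>, got {value!r}")
            # Assumption: host names compare case-insensitively (DNS rule).
            sni[host.lower()] = label
    return default, sni

def select_label(default, sni, sni_host: Optional[str]):
    """Label sent for a request; sni_host=None models a client without SNI."""
    if sni_host is None:
        return default
    return sni.get(sni_host.lower(), default)

def audit(sni, cert_cns):
    """Return findings where the labelled certificate's cn != host_name."""
    findings = []
    for host, label in sorted(sni.items()):
        cn = cert_cns.get(label)
        if cn is None:
            findings.append(f"{host}: label {label!r} not in key database")
        elif cn.lower() != host:
            findings.append(f"{host}: label {label!r} has cn={cn}")
    return findings
```

A finding from audit() means clients that request that host name would receive a certificate whose cn does not match it, which browsers report as a name mismatch.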