Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A.
The subject field in the server certificate
B.
The serial number in the server certificate
C.
The server name indication (SNI) extension in the client hello message
D.
The subject alternative name (SAN) field in the server certificate
"...FortiGate parses server name indication (SNI) from client Hello..."
"If there is no SNI exchanged, then FortiGate identifies the server by the value in the Subject field or SAN"
Fortigate Security 6.4 Study Guide, page 328
A,C,D are correct. Fortigate uses the server name indication (SNI) to discern the hostname of the SSL server at the beginning of the SSL handshake. If there is no SNI, Forigate looks at the subject and subject alternative name fields.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Xillar
Highly Voted 4 years, 1 month agoLionardo
Highly Voted 4 years agoSergio3000
Most Recent 2 years, 2 months agoJohnBB
2 years, 9 months agoTinPogi
3 years, 1 month agomario156090
3 years, 2 months agoStitch2020
3 years, 3 months agoMrSaintz
3 years, 4 months agoBIGRAOU
3 years, 4 months agolrosadini
3 years, 3 months agoHriibek
3 years, 4 months agoforti_Ctes
3 years, 6 months agoAkoladet
3 years, 7 months agoIshan_Dis
4 years agodavidone
4 years ago