NSE 4 – FortiGate 7.2 — Question 98
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Answer options
- A. The host field in the HTTP header
- B. The subject alternative name (SAN) field in the server certificate
- C. The subject field in the server certificate
- D. The server name indication (SNI) extension in the client hello message
- E. The serial number in the server certificate
Correct answer: B, C, D
Explanation
FortiGate relies on the subject alternative name (SAN) field, the subject field, and the server name indication (SNI) extension to accurately identify the hostname of the SSL server. The host field in the HTTP header is not always present or reliable for hostname identification, and the serial number in the server certificate does not provide hostname information.