NSE 7 – Network Security Technologies 7.2 — Question 16
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
Answer options
- A. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
- B. FortiGate uses the CN information from the Subject field in the server certificate.
- C. FortiGate uses the first entry listed in the SAN field in the server certificate.
- D. FortiGate uses the SNI from the user’s web browser.
Correct answer: D
Explanation
The correct answer is D: FortiGate uses the SNI from the user's web browser to establish the connection. Options A, B, and C are incorrect because each implies that FortiGate acts on the server certificate rather than on the SNI from the client, which does not match FortiGate's default behavior in this scenario.