Server Certificate Validation

In LoadMaster firmware version 7.2.52 (and Long Term Support (LTS) version 7.2.48.3), a Server Certificate Validation check box was added for LDAP and syslog configuration.

For LDAP configuration, the Server Certificate Validation check box appears in Certificates & Security > Remote Access > WUI Authorization Options when an LDAP Endpoint with either StartTLS or LDAPS as the LDAP Protocol is selected.

Known issue: Server Certificate Validation does not work with StartTLS.

For syslog configuration, the Server Certificate Validation check box appears in System Configuration > Logging Options > Syslog Options when TLS is selected as the Remote Syslog Protocol.

When Server Certificate Validation is enabled, the LoadMaster checks that the host name or IP address used to initiate the secure connection appears in the Certificate Subject or Subject Alternative Names (SAN) of the server certificate.

Server Certificate Validation is disabled by default.
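
The check described above can be sketched as follows. This is an added example, not LoadMaster code: the function names and the sample certificate are constructed for illustration, and it does exact matching only because the page does not describe wildcard handling.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value.strip("[]"))
    except ValueError:
        return None

def _norm_dns(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower()

def names_in_cert(cert):
    """Collect (kind, value) pairs from the Subject CN and SAN entries."""
    names = []
    for rdn in cert.get("subject", ()):
        names += [("CN", v) for k, v in rdn if k == "commonName"]
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.append((kind, value))
    return names

def target_matches_cert(target, cert):
    """True if the configured host name or IP address appears in the cert."""
    target_ip = _as_ip(target)
    for kind, value in names_in_cert(cert):
        if target_ip is not None:
            # Compare as addresses so "2001:db8::10" equals its expanded form.
            if kind != "DNS" and _as_ip(value) == target_ip:
                return True
        elif kind != "IP Address" and _norm_dns(value) == _norm_dns(target):
            return True
    return False

# Constructed sample in the dict shape of ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "syslog.example.internal"),),),
    "subjectAltName": (
        ("DNS", "syslog.example.internal"),
        ("DNS", "logs.example.internal"),
        ("IP Address", "2001:DB8:0:0:0:0:0:10"),
    ),
}

if __name__ == "__main__":
    for target in ("Logs.Example.Internal", "2001:db8::10", "192.0.2.10"):
        print(target, target_matches_cert(target, SAMPLE_CERT))
```

In this sketch, an endpoint configured by an IP address that the certificate does not list fails the check even though the server's DNS name is present, so the configured address and the certificate should agree before the option is enabled.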

Application Programming Interface (API) Details

You can retrieve the value of the wuiservercertval parameter using the RESTful API get command, for example:

/access/get?param=wuiservercertval

You can configure the value of the wuiservercertval parameter using the set command, for example:

/access/set?param=wuiservercertval&value=<0/1>

Valid values are:

  • 0 - Disabled

  • 1 - Enabled

You can retrieve the value of the syslogcert parameter using the RESTful API get command, for example:

/access/get?param=syslogcert

You can configure the value of the syslogcert parameter using the set command, for example:

/access/set?param=syslogcert&value=<0/1>

Valid values are:

  • 0 - Disabled

  • 1 - Enabled

For further details on the RESTful API in general, refer to the LTS RESTful API Interface Description document.

For PowerShell help, run the Get-Help command for the relevant commands.
