I'm trying to get clarity on the documentation around SAN names in SSL certificates. The documentation says "When using a Subject Alternative Name (SAN) certificate, alternate source names are not matched against the host header." but this note comes after the section describing "Require SNI hostname", and I'm not clear whether it only applies if SNI is enabled.
Should the Kemp match SAN names in my certificate against the hostname when SNI is not enabled?
My experience is that it does not, and that requests which should match the SAN certificate are being presented with a different SSL certificate which is present on the virtual service (a wildcard cert).