Jump to content
Welcome to our new Citrix community!

Strict CA check backend ssl profile not working / SNI activated

Recommended Posts

To mitigate Man-in-the-middle attacks, I wan't to enforce that the backend SSL communication is getting checked by validating the presented cert is signed by a specific CA. 


Therefore I've created a new SSL profile with the flag  Strict CA check: enabled

On the service group I've bound the Profile and also bound the CA certificate.


Am I'missing something else? Because in my setup I still can reach the backend even If i do bind a wrong CA certificate.


Thing to mention as well, that the backend server has bound multiple certificates. So SNI and common name is set as well.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...