Configure NDcPP compliance certificate check
NDcPP compliance certificate check applies when NetScaler acts as a client (back-end connection). During certificate verification, ignore the common name if SAN is present in the SSL certificate.
At the command prompt, type the following commands to configure the “ndcppComplianceCertCheck” attribute in the SSL parameter:
set ssl parameter [-quantumSize <quantumSize>] [-crlMemorySizeMB <positive_integer>] [-strictCAChecks (YES | NO)] [-sslTriggerTimeout <positive_integer>] [-sendCloseNotify (YES | NO)] [-encryptTriggerPktCount <positive_integer>] [-denySSLReneg <denySSLReneg>] [-insertionEncoding (Unicode|UTF-8)] [-ocspCacheSize <positive_integer>][- pushFlag <positive_integer>] [- dropReqWithNoHostHeader (YES | NO)] [-pushEncTriggerTimeout <positive_integer>] [-ndcppComplianceCertCheck ( YES | NO)] [-heterogeneousSSLHW (ENABLED | DISABLED )]
<!--NeedCopy-->
Example:
set ssl parameter -quantumSize 8 -crlMemorySizeMB 256 -strictCAChecks no -ssltriggerTimeout 100 -sendClosenotify no -encryptTriggerPktCount 45 -denySSLReneg NONSECURE -insertionEncoding unicode -ocspCacheSize 10 -pushFlag 3 -dropReqWithNoHostHeader YES -pushEncTriggerTimeout 100 ms -ndcppComplianceCertCheck YES
<!--NeedCopy-->
Configure NDcPP compliance certificate check
In this article
Copied!
Failed!