encryption with server authentication enabled, you can include a common name in
the configuration of an SSL service or service group. The name that you specify
is compared to the common name in the server certificate during an SSL
handshake. If the two names match, the handshake is successful.
If the common names do not match, the common name
specified for the service or service group is compared to values in the subject
alternative name (SAN) field in the certificate. If it matches one of those
values, the handshake is successful.
This configuration is especially useful if there are, for example,
two servers behind a firewall and one of the servers spoofs the identity of the
other. If the common name is not checked, a certificate presented by either
server is accepted if the IP address matches.
Note: Only domain name, URL, and email ID DNS entries in
the SAN field are compared.