HTTPS Filtering with Subject Alternative Names SAN
Hello Community,
I am struggling to find any information on my problem. Are Fortigate Firewalls in any OS able to evaluate the Subject Alternative Name (SAN) information in a certificate?
To give a specific example: We want to monitor access to https://pastebin.com
Since the connection is TLS encrypted we have to rely on certifictae inspection (deep inspection is not an option). I know, the certificate inspection is evaluating the CN field in the presented certificate. Unfortunately, since the website is announced via Cloudflare, the CN for the website is issued for Cloudflare. Just the SAN field of the certificate states pastebin.com as valid alternative name.
At the moment I do not see any possibility to filter or monitor this. Anyone faced a similar situation and has some advice?
Kind regards,
Daniel
