Refer to the exhibit, which shows an SSL certification inspection configuration.
Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
If the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate, FortiGate uses the CN information from the Subject field in the server certificate. This allows FortiGate to continue the SSL/TLS handshake using the CN, ensuring the continuity of the connection even when there is a mismatch with the SNI.
If the domain in the SNI field does not match any of the domains listed in the CN and SAN fields, FortiGate uses the domain in the CN field instead of the domain in the SNI field.
answer is B : Enterprise_Firewall_7.2_Study_Guide-Online.pdf / p 238
The Correct answer i B as detailed on page 238 in the Study Guide.
study guide page 238
Answer B p238
D is correct. Read the question. CN does not match.
B is correct Study Guide p238