Server Identity Validation is a security feature in Experience Portal. During a normal TLS handshake between the client and server, the TLS client verifies that the server certificate is valid, is issued by a trusted CA, and carries a valid signature. The TLS client can optionally perform an additional security check during the TLS handshake to authenticate the identity of the server against the server certificate. To authenticate the server, the TLS client verifies that the server is located at the same network address as the domain name and/or IP address specified in the server certificate.
When Server Identity Validation is enabled, all Experience Portal components that act as a TLS client verify the identity of the remote server with which they are establishing a connection. TLS clients verify that the certificate asserts an identity in its Subject Common Name and/or Subject Alternative Name that matches the FQDN of the established connection. If it does not match, the connection is dropped.
The following table lists the Experience Portal components that establish secure connections and perform additional security checks if Server Identity Validation is enabled:
| Client | Server | Capability |
|---|---|---|
| Primary EPM | LDAP server | LDAP Settings web page; LDAP User authentication |
| Primary EPM | System Manager | System Manager Settings web page; System Manager Single Sign-On authentication |
| Primary EPM and Auxiliary EPM | Email Server | Email TLS connections (SMTP, IMAP4, and POP3) |
| Primary EPM and Auxiliary EPM | SMS SMPP Gateway | SMPPS connections |
| Primary EPM and Auxiliary EPM | SMS HTTP Server | HTTPS connections |
| Primary EPM and Auxiliary EPM | Application Server | HTTPS connections |
| Primary EPM | Auxiliary EPM | HTTPS connections |
| Primary EPM | MPP | HTTPS connections |
| MPP | Speech Server | MRCP V2 connections |
| MPP | Application Server | HTTPS connections |
| MPP | Session Manager | SIP TLS connections |
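
The identity check described above, sketched as an added example (this is not Experience Portal code): it compares the name or IP address the client connected to against the identities asserted in a certificate and reports whether the connection would be accepted or dropped. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the wildcard rule and the Common Name fallback are assumptions that follow common practice (RFC 6125), not documented product behaviour.

```python
import ipaddress

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
CERT_WITH_SAN = {
    "subject": ((("commonName", "epm.example.test"),),),
    "subjectAltName": (
        ("DNS", "mpp1.example.test"),
        ("DNS", "*.apps.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}
CERT_CN_ONLY = {"subject": ((("commonName", "ldap.example.test"),),)}


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive label comparison; '*' is honoured only as the whole
    left-most label and stands for exactly one non-empty label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def identity_matches(cert: dict, host: str) -> bool:
    """Return True if the certificate asserts the identity the client dialed."""
    sans = cert.get("subjectAltName", ())
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None
    if target_ip is not None:
        # An IP target is compared only with IP Address SAN entries.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == target_ip
                   for kind, value in sans)
    names = [value for kind, value in sans if kind == "DNS"]
    if not names:
        # Assumption: Subject Common Name is consulted only when no DNS SAN exists.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return any(_dns_match(name, host) for name in names)


if __name__ == "__main__":
    for target in ("mpp1.example.test", "epm.example.test", "192.0.2.10"):
        verdict = "accept" if identity_matches(CERT_WITH_SAN, target) else "drop"
        print(f"{target}: {verdict}")
```

A certificate whose only matching identity is a wildcard covers one label, so `a.b.apps.example.test` does not match `*.apps.example.test`; a server reached by IP address needs that address listed as an IP Address SAN entry.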