![]() |
When the AE Services TSAPI or CVLAN client establishes a secure connection to the AE Services Server, the server sends a certificate to the client that allows the client to verify the server's identity. This process is known as server certificate authentication This process is the same if you use your own certificates or if you use the AE Services default server certificate, or AE Services self-signed certificate. See Figure 1: Server certificate authentication figure for an illustration.
The client sends a request to the server for a secure session.
The server sends its server certificate to the client.
The client checks the server certificate to determine the following:
If the server certificate is issued by a certificate authority that the client trusts, the client checks the name of the CA.
To comply, the name of the certification authority (CA) on the certificate must match the name of the CA on the client’s trusted certificate.
If the server certificate is within its validity window.
The client checks to see if the current time falls between the Not Before and Not After dates in the server certificate.
If the common name in the server certificate matches the name of the server to which the client is connected.
If the names do not match, the client cannot trust the certificate. This only applies if the client has been configured with Verify Server FQDN=1.