On Thu, Feb 8, 2018 at 7:36 AM, Belmona, Nizar <nbelm...@cscgroup.com> wrote:
> Thanks Rainer and Daniel. > > Sorry for the confusion and please let me clarify. > > > > We have a web server with Apache 2.2.22 with OpenSSL 0.9.8t, the Apache > service launches fine and the users/developers are able to connect however > developers through their code bypass the Server SSL certificate > verification. I am not worried about the client certificate validation > since we are not using it, all the concern is we need to stop users > bypassing the Server SSL verification who are claiming they have to bypass > it since the certificate name doesn’t match the server name in the link > being called. Kindly note that configuration in hhtpd.conf is: > You can't stop them unless you control the client. You only control the server. The only thing you could do is provide a better certificate.