Hello,
I currently have ATS configured to support a pristine host header. proxy.config.url_remap.pristine_host_hdr 1 I also have ATS configured to verify the origin server certificate. proxy.config.ssl.client.verify.server 1 My remap looks like this. map https://edge.abc.com/ https://origin.xyz.com/ Because pristine is enabled, when ATS sends a request back to the origin, it uses a SNI value of: edge.abc.com However, the origin returns a certificate that does not match the SNI. Because the requested SNI and the returned CN/SAN do not match, coupled with verify.server enabled, ATS terminates the origin session and sends a 502 back to the client. Is there another control or configuration that allows me to define which SNI value to send back to the origin ? I need to keep pristine enabled and I need verify.server enabled. Thanks in advance.
