From b0de16c688008080fd483525f0f0351ff542c64d Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Thu, 12 Jan 2023 22:56:25 -0500 Subject: [PATCH] backport of commit 6336255e6ac48215ba53617337b23ffcf554fe56 (#15973) Co-authored-by: Ranjandas --- .../docs/connect/config-entries/terminating-gateway.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index b30c89bfa7..f8e7b678ee 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -679,7 +679,8 @@ spec: name: 'SNI', type: 'string: ""', description: - 'An optional hostname or domain name to specify during the TLS handshake.', + `An optional hostname or domain name to specify during the TLS handshake. This option will also configure [strict SAN matching](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-certificatevalidationcontext-match-typed-subject-alt-names), which requires + the external services to have certificates with SANs, not having which will result in \`CERTIFICATE_VERIFY_FAILED\` error.`, }, ], },