When a Reflection for the Web session is set to use TLS to connect to the host or the Security Proxy Server, the emulator applet authenticates the server to which it is connecting using the host or security proxy certificate.
When Enable server identity verification is selected, the applet checks the common name on the certificate against the name of the host or server. You must ensure that the common name on the server certificate is the same as the name of the host or proxy server to which it has been issued.
When the client verification option is cleared, the applet verifies that the server has a trusted certificate, but does not check that the server presenting the certificate is actually the one to which the certificate was issued.
If the connection uses TLS, the common name on the server certificate must always match the host or security proxy server name, regardless of whether server identity verification is selected.
You can override this setting on a per session basis with the serverIdentityOverride applet parameter.
Related topics