On Thu, Feb 8, 2018 at 7:36 AM, Belmona, Nizar <nbelm...@cscgroup.com>
> Thanks Rainer and Daniel.
> Sorry for the confusion and please let me clarify.
> We have a web server with Apache 2.2.22 with OpenSSL 0.9.8t, the Apache
> service launches fine and the users/developers are able to connect however
> developers through their code bypass the Server SSL certificate
> verification. I am not worried about the client certificate validation
> since we are not using it, all the concern is we need to stop users
> bypassing the Server SSL verification who are claiming they have to bypass
> it since the certificate name doesn’t match the server name in the link
> being called. Kindly note that configuration in hhtpd.conf is:
You can't stop them unless you control the client. You only control the
server. The only thing you could do is provide a better certificate.