shadow82
Aug 02, 2023Cirrus
F5 redirect
Hi! I have 2 F5s active standby cluster BIG-IP 16.1.3 build 0.0.12 and I have a VServer called: xyz.acme.com:443. It's public internet facing, with public cert imported as a server profile - works ...
I don't think it will work ,as you said you have a cert only for the first domain.
You probably need a wildcard cert for *.acme.com
or a SAN certificate.
I agree with other MVP's here, SSL will see SNI mismatch at handshake time and return a warning.
You need to import a wildcard certificate (which you might already have bought) , or to renew xyz.acme.com with z.acme.cm as the SAN, or to request z.acme.com cert (and in this case, you also need to configure two clientSSL profiles on the BIG-IP)