Forum Discussion

Nimbostratus

Jun 18, 2008

Multiple ClientSSL profiles to same VIP

Is it possible to have multiple clientSSL profile mapped to one VIP? I have two sites hosted on single VIP. Eg. abc.com and xyz.com. Both have same VIP 1.1.1.1:443. But different certificate/ke...

Cirrostratus

Jun 18, 2008

I think this post has the evolution of this question (Click here).

The practical answer for current versions is you can only support one certificate per virtual server. A wildcard cert for *.example.com would allow you to host a.example.com and b.example.com on the same VIP using one cert. Using Subject Alternate Names (SANs) would allow you to host abc.com and xyz.com on the same VIP with one cert. At some point F5 and browsers will probably support the server_name extension for TLS to allow support for multiple certs on a single IP address and port. To request F5 support this extension, you can open a case with F5 and ask them to attach it to CR94903.

Aaron

Forum Discussion

Multiple ClientSSL profiles to same VIP

Recent Discussions

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Related Content

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

TLS server_name extension based routing without clientssl profile

limit to number of clientssl profiles

Make a copy of all existing clientssl profiles requiring TLS1.2

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB