Nimbostratus
Is it possible to have multiple clientSSL profile mapped to one VIP? I have two sites hosted on single VIP. Eg. abc.com and xyz.com. Both have same VIP 1.1.1.1:443. But different certificate/key pair.
I want F5 to SSL offload for both the sites.
Cirrostratus
The practical answer for current versions is you can only support one certificate per virtual server. A wildcard cert for *.example.com would allow you to host a.example.com and b.example.com on the same VIP using one cert. Using Subject Alternate Names (SANs) would allow you to host abc.com and xyz.com on the same VIP with one cert. At some point F5 and browsers will probably support the server_name extension for TLS to allow support for multiple certs on a single IP address and port. To request F5 support this extension, you can open a case with F5 and ask them to attach it to CR94903.
Aaron
Nimbostratus
i am also in the situation where i already have server name identification (sni) on the server-side and want/need to bring ssl termination to the big-ip. do you have any status on CR94903? will that be introduced in the near future? anything on the roadmap?
would be great to get some input on that - to be able to estimate the possibilities.
as far as I know other loadbalancing platforms have the same limitations.
thanks and best regards,
daniel
NimbostratusCirrostratus
Aaron