AltostratusI'm getting this error when applying two ClientSSL profiles to a VS. The first profile (already assigned) has 'Default for SNI' enabled, the second I'm trying to add does not. Any ideas?
VE: TMOS v11.3.0 build 3138.0.
I've tried removing both profiles and re-adding and disabling 'Default for SNI' in both profiles without success.
EmployeeAny chance you have the same server name string defined in multiple client SSL profiles?
CirrostratusIt's blank in both.
EmployeeIt's blank in both.
It can't be. SNI requires unique server name values in all of the client SSL profiles. That's how LTM knows which profile to use in the SSL handshake.
CirrostratusHmmm. I'm not looking to use SNI, this is for that OCSP with CRL fallback functionality.
I've double-check the iRules wiki, I thought it suggested any profiles you wish to switch between must be assigned to the VS but on a re-reading, it seems it just needs 'a' profile to be configured.
That being the case this probably counts as my most ill informed question ever! Sorry.
EmployeeThe OCSP with CRL fallback functionality requires a single client SSL profile specified in the VIP, and the other specified in the iRule.