Using multiple SSL Profiles on a single virtual server

can you post the clientssl profiles configuration?

 tmsh list ltm profile client-ssl (name)

Yes, both client SSL profiles are exactly the same except for the cert and key.

Both certs are issued from DigiCert. Both certs are wildcard.

1. *.xyz.something.org (Default SNI)
2. *.whatever.org

Has anyone been successful using more than 1 SSL profile on a virtual server?

I think the cleanest solution may be to create another VIP and use 1 SSL profile per VIP, knowing that you will need to make DNS changes.

Have you been able to resolve the issue? I am facing the same.

To configure multiple Client ssl profiles on one virtual server, you need to configure "Server name" configuration on all profiles

In the example profile clientssl_something

• certificate : wildcard_something
• key : wildcard_something
• Chain : DigiCert
• Default SNI : Yes
• Server Name : *.xyz.something.org

profile clientssl_whatever

• certificate : wildcard_whatever
• key : wildcard_whatever
• Chain : DigiCert
• Default SNI : No
• Server Name : *.whatever.org

Hi Stanislas,

Assigning multiple profiles to VIP will have any impact on existing services? Please help clarifying my doubt.

We ran into the same error this morning but for a different reason. The virtual server in question also have multiple SSL client profiles attached, one is for a wildcard cert and the other two are not. We were replacing the non-wildcard certs, and at the same time created new SSL client profiles. During this step, in the new SSL client profile, I changed the Cipher setting to exclude certain cipher suites to be used, but I didn't make the same change for the profile for the wildcard cert, as there is no cert change there. BIG-IP wouldn't accept the new client profiles until all three client profiles to attach to this VS has the same cipher string setting.