Need help to install two SSL certificates issued from different certificate authority at BIG IP LTM virtual server.

Question

Need help to install two SSL certificates issued from different Certificate Authority at BIG IP LTM virtual server&nbsp;
Understand that if multiple certificates are needed to install at one virtual server, one of the SSL client profile must be configured as default SNI and chain and root certificate must be the same. 
Hence, I would like to know if there is a way to install two different SSL cert which has different chain and root certificate at one virtual server?&nbsp;
TMOS version is 11.5.3.
Thanks!&nbsp;

josiah_39459 · Answer

Why do you need to install two certs on one vip?  How will you select which cert to use on a given connection?  Since Host (HTTP layer 7) is higher layer than SSL, you won't be able to access the host information to "switch" certificates until after the SSL handshake, which means you will always have untrusted connection errors in web browers.&nbsp;
Or do you actually have some implementation where you choose the cert based on client source ip?&nbsp;

alice_214810 · Answer

I can actually install two certificates at one VIP. To achieve this, one SSL client profile must be configured as default SNI and as for another profile, you need to define URL at server name parameter.

Forum Discussion

Need help to install two SSL certificates issued from different certificate authority at BIG IP LTM virtual server.

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Management Certificate

My Security+ Certification Journey

Certifications for security professionals

Certificate Expiry Email alert configuration

C3D forged certificate