Forum Discussion
2 Replies
- DenverRB_326662 (Nimbostratus)
You could use a wildcard certificate on the client side and then load balance.
 
Example here:
 
https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html?lc=1
 
- rob_carr (Cirrostratus)
The certificate offered by the clientssl profile and the certificates offered by the application servers don't have to be the same. Along with that, the serverssl profile doesn't verify certificates by default, so having different certificates on each of your application servers isn't necessarily an issue.
If you do want to have certificate verification between the BIG-IP and the backend servers, it appears that you can only provide one set of trusted certificate authorities, so you will either need to have all server-provided certificates chain to the same CA or use some method of profile switching to change the serverssl profile to match the selected back-end server.