Clarification of K13452 - SNI (v12)
"K13452: Configuring a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature" creates a "base client SSL profile".
Question 1: is a requirement that "fallback (default) client SSL profile" and "client SSL profiles" share the same parent profile (ie. "base client SSL profile") or is it for convenience (since "F5 recommends that you configure the following settings with the same values for all of the SSL/TLS SNI profiles associated with the same virtual server")?
Question 2: in section "Configuring the virtual server for TLS SNI", it's stated: "Select the backup client SSL profile ...", is it meant to state "Select the fallback client SSL profile ..."
Unrelated question 3: in what use-cases would Client SSL's "cert-key-chain" contain more than one set (of cert/chain/key/passphrase/ocsp-stapling-params)?
Unrelated question 4: Client SSL has a read-only attribute, "inherit-certkeychain" - what is it's purpose? Is it for iRules; otherwise, won't looking at "defaults-from" and "cert-key-chain" give same information?
Thanks in advance.