Forum Discussion
...has more than one clientssl/serverssl profiles that is default for SNI
I'm getting this error when applying two ClientSSL profiles to a VS. The first profile (already assigned) has 'Default for SNI' enabled, the second I'm trying to add does not. Any ideas?
VE: TMOS v11.3.0 build 3138.0.
I've tried removing both profiles and re-adding and disabling 'Default for SNI' in both profiles without success.
- Kevin_StewartEmployee
Any chance you have the same server name string defined in multiple client SSL profiles?
- What_Lies_Bene1Cirrostratus
It's blank in both.
- Kevin_StewartEmployee
It's blank in both.
It can't be. SNI requires unique server name values in all of the client SSL profiles. That's how LTM knows which profile to use in the SSL handshake.
- What_Lies_Bene1Cirrostratus
Hmmm. I'm not looking to use SNI, this is for that OCSP with CRL fallback functionality.
I've double-check the iRules wiki, I thought it suggested any profiles you wish to switch between must be assigned to the VS but on a re-reading, it seems it just needs 'a' profile to be configured.
That being the case this probably counts as my most ill informed question ever! Sorry.
- Kevin_StewartEmployee
The OCSP with CRL fallback functionality requires a single client SSL profile specified in the VIP, and the other specified in the iRule.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com