Forum Discussion
Nimbostratus0107149c:3: Virtual server /Common/new-panorama_ON has more than one clientssl/serverssl profile but none of them is default for SNI
I am trying to remove ssl cert from client on the vip but whenever i am trying to its showing 0107149c:3: Virtual server /Common/new-panorama_ON has more than one clientssl/serverssl profile but none of them is default for SNI., so can you help the process for removal of cert from vip ?
2 Replies
- Kevin_Stewart
Employee
You appear to be doing SNI-based client SSL profile switching on the VIP, and have multiple client SSL profiles applied. At least one of those client SSL profiles must be marked as "default for SNI", so I'm guessing that's the one you're trying to remove. YOu have two options:
- Switch the "default for SNI" option to one of the other client SSL profiles.
- Remove all of the client SSL profiles temporarily, enable "default for SNI" on one that you intend to keep, and then add them all back to the VIP.
- Kevin_Stewart
Interesting. So I just tested, and my first option above doesn't work. However, you could use a TMSH transaction to make it happen:
!/bin/bash tmsh << EOF create cli transaction modify ltm profile client-ssl test1-clientssl sni-default true modify ltm profile client-ssl test2-clientssl sni-default false submit cli transaction EOFThis will change two client SSL profiles at the same time, allowing you to switch the "Default for SNI" option to another active profile.
