Forum Discussion
Bundle Certificate
I have two separate domain certificates bundled together, but I can access only one domain. How can I access the other domain? My LTM 1600 version is v11.2.
8 Replies
- Thomas_Gobet
Nimbostratus
How did you apply your certificate?
Are these two domains pointing to the same virtual server?
- Kevin_Stewart
Employee
At a minimum, a certificate bundle is only required to validate a client certificate. If you're doing client certificate authentication, then you should be able to insert all of the CA certificates into a single file, which the system will sort out and choose the right one (or path) based on the client's issuer.
If you're not doing client certificate authentication, then this bundle doesn't get used.
- upendra_126737
Nimbostratus
Yes, both certificates are pointing to the same virtual server.
- Thomas_Gobet
Nimbostratus
As Kevin said, you aren't using the certificate bundle in the right way.
A bundle is only made to authenticate client certificates. If you want to publish multiple SSL certificates on your LTM, you must have one SSL certificate per fqdn or domain, depending on whether they are wildcard certificates or not.
- upendra_126737
Nimbostratus
I have bundled both certificates into one and am assigning this bundle to one virtual server. But I can access the virtual server with one fqdn only. The other fqdn is not accessible to me. My take on this: if I have both certificates in a bundle, both fqdns should be accessible. If I use the certificates one at a time, I can access both fqdns.
- Thomas_Gobet
Nimbostratus
When you say "The other fqdn is not been accessible", have you got a certificate issue or something else?
What you can try is to use multiple certificates, and assign them with an iRule (or policy if you're on 11.4 version).
- upendra_126737
Nimbostratus
Back to square one. I am sorry for not mentioning the full story. I have two wildcard certificates, each for one fqdn. I have tested as follows.
Case 1: I was struggling with SNI. If my fallback client-side profile works (configured with one wildcard certificate), it did not work and resulted in an SNI-related error.
Case 2: I made a bundle including both wildcard certificates (each pertaining to one fqdn); again, I didn't succeed in this case.
My final questions: Is it possible to use both wildcard certificates on a single virtual server? To be very specific, can I access domain A as well as domain B while I am using a wildcard cert for both domains? If I can, then how? Sorry if my questions look odd.
- Kevin_Stewart
Employee
In short, using SNI it is possible to use multiple wildcard certs on one VIP. You must configure each client SSL profile accordingly:
- The wildcard cert and key
- The Server Name attribute must match the cert common name (ex. *.domain.com)
- In one of the profiles you must select the "Default SSL Profile for SNI"
Add both client SSL profiles to the VIP.
You cannot use a bundle cert in this instance, because you need a mechanism like SNI to be able to switch between the certs based on the client request. The one big caveat with SNI is that it's only supported by clients that support TLS. That's not so much an issue these days, but anyone running Windows XP and IE6 (and below) will have problems.
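The selection behaviour described in the answer above, as an added example that is not part of the original thread and is not F5's implementation: a simplified Python model of how a TLS endpoint picks one of several client SSL profiles from the SNI name and falls back to the default profile. The profile names, certificate names and `.example` domains are constructed, and the rule that exactly one profile is the default is an assumption of this model.

```python
# Simplified model of SNI-based profile selection; not F5's implementation.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ClientSSLProfile:
    name: str                  # hypothetical profile name
    server_name: str           # "Server Name" attribute, e.g. "*.domain-a.example"
    cert: str                  # hypothetical certificate object name
    sni_default: bool = False  # "Default SSL Profile for SNI"

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a leftmost '*' label standing in for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False           # '*' never spans several labels or the bare apex
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def default_profile(profiles):
    """Model assumption: exactly one profile is flagged as the SNI default."""
    defaults = [p for p in profiles if p.sni_default]
    if len(defaults) != 1:
        raise ValueError("exactly one profile must be the SNI default")
    return defaults[0]

def select_profile(profiles, sni: Optional[str]):
    """Return the profile whose Server Name matches the SNI value, else the default."""
    fallback = default_profile(profiles)
    if sni:                    # clients that send no SNI always get the default
        for p in profiles:
            if name_matches(p.server_name, sni):
                return p
    return fallback

# Constructed sample configuration: two wildcard certs on one virtual server.
PROFILES = [
    ClientSSLProfile("clientssl_a", "*.domain-a.example", "wildcard_a.crt", sni_default=True),
    ClientSSLProfile("clientssl_b", "*.domain-b.example", "wildcard_b.crt"),
]

if __name__ == "__main__":
    for sni in ("www.domain-a.example", "app.domain-b.example", None, "domain-b.example"):
        print(sni, "->", select_profile(PROFILES, sni).cert)
```

In this model a client that sends no SNI, or asks for a name neither wildcard covers, is handed the default profile's certificate, so it sees a name mismatch for the other domain.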