Forum Discussion
F5_Freek_243545
Nimbostratus
NimbostratusCan we have multiple Client SSL profile on single VIP?
Hi There,
Can we have multiple client SSL profile on single VIP? I am looking for some help on this.
We need to have some rules like below.
www.mywebsite.rain.com --> SSL Profile SSL_rain
www...
Yes. You need to enable the Server Name Indication (SNI) feature. https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html?sr=50950622 SOL13452: Configuring a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature
F5_Freek_243545Nimbostratus
NimbostratusThere is a challenge that the client must support TLS SNI right? We have internet based clients and cant predict the nature of the clients.
Can we create an irule for the same ?
i agree with cg4unix.
In any case, the iRule itself cannot solve this issue because it does not see the hostname unless SNI is enabled and supported. Alternatives are wildcard or SAN certs. With wildcard certs you will have only one profile, the iRule can chose a pool based on the host name.