Forum Discussion

T_Rajneesh's avatar
Icon for Nimbostratus rankNimbostratus
Sep 23, 2020

can we have two SSL certificates attached to VIP - one is internal CA and other on is external CA

I have VIP which is configured to have ssl offloading on F5 VIP. I have multiple URL's accessing same VIP with different back end server.

i.e., the request are being send to back end pool based host name via i-rule. Wanted to know if i can apply one external CA cert for one URL and internal certificate for other URL on VIP ?


example : URL1 -

URL2 - -



pool1 - abc

pool2 - xyz

SSL - client-ssl_abc & client_ssl_xyz






4 Replies

  • here, i'm not taking about SAN name added to certificate.. One is external CA with one SAN name and one is internal CA with other SAN name.. can these two be applied on single VIP


  • Yes you can bind multiple client SSL profiles on same VIP and each client profile can have different certificates (public CA/internal). Just before binding multiple client SSL profiles on single VIP, you need to define one of the profile as a default/fallback SSL profile. You can define one of the client SSL profile as a default/fallback SSL by checking option Default SSL Profile for SNI under Client SSL profile advance settings.

    With this, you should be good.