Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

jforaker's avatar
jforaker
Icon for Nimbostratus rankNimbostratus
12 years ago

Client SSL profiles using SNI not able to use the subject alternative name

We have a clientssl profile using a *.domain.com wildcard SSL certificate. This profile is set as the default for SNI. We also have specific clientssl profiles using the application specific SSL cer...
application delivery
client-side
clientssl
deployment
LTM
sni
crraymond_14666's avatar
crraymond_14666
Icon for Nimbostratus rankNimbostratus
11 years ago

It doesn't seem to accept commas in 11.5.2

 

  • Michael_Voight_'s avatar
    Michael_Voight_
    Historic F5 Account
    7 years ago

    The 11.6.1 release notes also indicate the default for the server name field is now the SAN. Formerly it was the common name.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    7 years ago

    But again, what really matters here is what's in the Server Name field of the client SSL profile. This is what the F5 matches the Client Hello SNI against. It's true that browsers are starting to require a SAN value in server certificates (ex. Chrome 58), but that's irrespective of the SNI-profile match.