For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jforaker's avatar
jforaker
Icon for Nimbostratus rankNimbostratus
Mar 10, 2014

Client SSL profiles using SNI not able to use the subject alternative name

We have a clientssl profile using a *.domain.com wildcard SSL certificate. This profile is set as the default for SNI. We also have specific clientssl profiles using the application specific SSL cer...
application delivery
client-side
clientssl
deployment
LTM
sni
crraymond_14666's avatar
crraymond_14666
Icon for Nimbostratus rankNimbostratus
Apr 24, 2015

It doesn't seem to accept commas in 11.5.2

 

  • Michael_Voight_'s avatar
    Michael_Voight_
    Historic F5 Account
    Aug 20, 2018

    The 11.6.1 release notes also indicate the default for the server name field is now the SAN. Formerly it was the common name.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 20, 2018

    But again, what really matters here is what's in the Server Name field of the client SSL profile. This is what the F5 matches the Client Hello SNI against. It's true that browsers are starting to require a SAN value in server certificates (ex. Chrome 58), but that's irrespective of the SNI-profile match.