clientssl profile with ECC certificate needs RSA Certificate
Hello guys,
Hope you could support me in the following matther.
I have already purchased an ECC wildcard certificate and I wanted to attach it to a virtual server in my BIG IP 4200 LTM box which is running version 12.1.2.
Everything went well until I got an error when creating a SSL client profile. It said "010717e3:3: Client SSL profile must have RSA certificate/key pair.", so I investigated and found that it is needed to have a RSA certificate/key in the profile besides the ECC pair. Therefore, I have the following questions about it:
Do I need to generate two certificates (one ECC and other RSA) with the same FQDN on them? Is it possible? I am using Entrust to generate my certificates.
How could I figure out which one certificate the BIG IP is showing to the client? How does the BIG IP select which certificate to show?
Is there any possibility to make the BIG IP allows the creation of an SSL profile which uses an ECC certificate/key? In future releases perhaps?
I have performed a couple of tests and it seems like the BIG IP is always showing the RSA certificate.
Thanks in advance for your help.
Best regards