Forum Discussion

Nimbostratus

Oct 19, 2010

Is it possible to apply client ssl profile on the fly

I'm trying to find out if it is possible to use an irule to apply a client ssl profile on the fly based on the hostname. We have a requirement to enable ssl on a group of websites that are hosted on t...

Cirrostratus

Oct 19, 2010

Hi Ky,

It's possible to set a client SSL profile from an iRule using SSL::profile $clientssl_profile_name to switch which cert LTM presents the client. However, it's not practical with a typical user base (XP clients) to check which hostname the client is requesting and then specify the client SSL profile.

You can read about this here:

http://en.wikipedia.org/wiki/Server_Name_Indication

Note that XP doesn't support SNI for any IE version.

If you can get a single cert which is valid for all of the hostnames, then you can avoid this issue of trying to select the correct server cert.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is it possible to apply client ssl profile on the fly

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

SSL Profiles Part 8: Client Authentication

Client SSL Profile

Client vs Server SSL profile

F5 BIG-IP Advanced WAF – DOS profile configuration options.

F5 BIG-IP Advanced WAF – "dos profile" reporting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS