LTM support multiple SAN certs on single virtual server

Question

System: BIG-IP versions earlier than 11.5.x
Requirement: Offload multiple SAN certs on single Virtual Server&nbsp;
Have an end-user requirement to offload multiple SAN certs on single Virtual Server due to financial entity reason, and is it possible or workaround to achieve this?&nbsp;
SAN cert 1 (existing)
abc.com
cde.com&nbsp;
SAN cert 2 (new)
fgh.com
hij.com&nbsp;
Thanks in advanced.&nbsp;

kevin_stewart · Answer

Unfortunately a single LTM client SSL profile can't specify multiple server name (SNI) values, and an SNI client SSL profile is "selected" based on the Server Name attribute in the profile. What you can do is define a separate client SSL profile for each SAN value (plus the CN if different) and apply all of those to the LTM VIP. So for your example:&nbsp;
SAN cert 1 would create two client SSL profiles, each with a different Server Name value (abc.com and cde.com). SAN cert 2 would create two separate client SSL profiles. Apply all four SSL profiles to the VIP.&nbsp;

kevin_stewart · Answer

You are indeed correct. Good catch. Fortunately Don was talking about 11.5.0 and older, so I wasn't completely wrong. ;)&nbsp;

Forum Discussion

LTM support multiple SAN certs on single virtual server

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Three Ways to Specify Multiple Ports on a Virtual Server

Remove iRule From Multiple Virtual Servers (Fork /w multiple partition support)

Using n8n To Orchestrate Multiple Agents

Support and Help for DevCentral and Offline Contact

APM Configuration to Support Duo MFA using iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS