
Forum Discussion

murali_125469
Nov 12, 2013

Multiple certificates to a single Virtual Server?

Hello everyone,

We are planning to migrate from x1.domain1.com, x2.domain1.com to x1.domain2.com, x2.domain2.com respectively. All the redirection part was tried and tested in the UAT environment; I've one thing to clarify before implementing in production.

We are planning to have one HTTPS VIP which listens on the old x1.domain1.com, x2.domain1.com and redirects to the new URLs, but for x1.domain1.com and x2.domain1.com we have 2 different certificates. Can we apply two certificates (or multiple) to the same VIP? Thank you!

4 Replies

  • This is a different case: can we apply a single SAN certificate to multiple VIPs?
  • For applying multiple certificates to a single VIP, you have a few choices:

    1. A single SAN certificate - a cert with multiple server name values in the subject alt name field.

    2. An SNI (server name indicator) config - if your clients all support TLS, the client will send the intended server name in its ClientHello message during the SSL handshake. You can create multiple client SSL profiles, assign a separate server name string to each, and then assign all of these profiles to the same VIP. The SNI capability will allow the VIP to choose which client SSL profile to use based on the client's request.

    can we apply a single SAN certificate to multiple VIPs?

    I haven't tested this, but I don't see why not. The client will resolve a server name to an IP and then contact a VIP. If that VIP presents a certificate that the client can trust, then all is good. I don't imagine that a single server name inside that SAN cert would be used across multiple VIPs, but the individual server names could be used anywhere.


  • Yes, a single SAN cert can be applied to multiple VIPs. Just make sure that the domain name is present in the alternative names. If you want to apply multiple certs to 1 VIP, this can be done with the SNI feature, but you should be running v11.x. With the SNI feature you can assign multiple client SSL profiles to a single VS.
  • I have a similar problem: 2 SSL certificates on a single VIP. The issue we're seeing is that if you browse to a VIP in Chrome or some other browser, you see the expected certificate, which is for a private DNS record. However, when a server on the network makes an HTTPS request to the same VIP, it sees the SSL cert that covers the public DNS record; same when you do an openssl check. We have the "Default SSL Profile for SNI" option enabled for the certificate that covers the public DNS record. Any suggestions aside from getting a SAN cert?
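The following Python model is an added illustration, not F5 code or anything posted in this thread. It shows the mechanism the second reply describes (several client SSL profiles on one VIP, each with its own server name, one marked as the default for SNI) and why the last poster sees the public certificate from a server-side HTTP client: a client that sends no server_name extension in its ClientHello can only ever be matched to the default profile. The profile names, hostnames, certificate CNs and the minimal ClientHello builder are all constructed for the example; the selection logic is a simplified model of how an SNI-aware listener behaves, not BIG-IP's own implementation.

```python
"""Model of SNI-based client SSL profile selection on a single HTTPS listener.

Added illustration for this thread, not F5 code.  Profile names, hostnames and
the ClientHello builder below are constructed for the example.
"""
import struct

# Constructed client SSL profiles.  Each answers for one server name; the one
# flagged sni_default plays the role of the "Default SSL Profile for SNI" and
# is used whenever the client sends no server_name extension at all.
PROFILES = [
    {"name": "x1_domain1_clientssl", "server_name": "x1.domain1.com",
     "cert_cn": "x1.domain1.com", "sni_default": False},
    {"name": "x2_domain1_clientssl", "server_name": "x2.domain1.com",
     "cert_cn": "x2.domain1.com", "sni_default": False},
    {"name": "public_clientssl", "server_name": "www.example.com",
     "cert_cn": "www.example.com", "sni_default": True},
]


def build_client_hello(server_name=None) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record, with an SNI extension (RFC 6066)
    only when server_name is given.  Constructed test input, not a captured handshake."""
    body = b"\x03\x03" + bytes(32)      # client_version + 32-byte random
    body += b"\x00"                      # session_id length 0
    body += b"\x00\x02\xc0\x2f"          # one cipher suite (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
    body += b"\x01\x00"                  # one compression method (null)
    exts = b""
    if server_name is not None:
        host = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name(0)
        sni_list = struct.pack("!H", len(entry)) + entry         # ServerNameList
        exts += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name carried in the ClientHello's server_name extension,
    or None when the client sent no SNI (the case behind the last post)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                       # handshake header, version, random
    pos += 1 + hs[pos]                     # session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + cs_len                      # cipher suites
    pos += 1 + hs[pos]                     # compression methods
    if pos >= len(hs):
        return None                        # no extensions block at all
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + elen]
        pos += elen
        if etype == 0x0000:                # server_name extension
            p = 2                          # skip ServerNameList length
            while p + 3 <= len(data):
                ntype = data[p]
                nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                name = data[p + 3:p + 3 + nlen]
                if ntype == 0:
                    return name.decode("ascii")
                p += 3 + nlen
    return None


def select_profile(record: bytes, profiles=PROFILES):
    """Pick the client SSL profile whose server name matches the SNI; with no SNI,
    or an SNI nothing matches, fall back to the profile marked as SNI default."""
    sni = extract_sni(record)
    if sni is not None:
        for prof in profiles:
            if prof["server_name"].lower() == sni.lower():
                return prof
    for prof in profiles:
        if prof["sni_default"]:
            return prof
    raise LookupError("no matching profile and no SNI default configured")


if __name__ == "__main__":
    for label, hello in [("browser with SNI", build_client_hello("x1.domain1.com")),
                         ("client without SNI", build_client_hello())]:
        chosen = select_profile(hello)
        print(f"{label}: profile={chosen['name']} cert CN={chosen['cert_cn']}")
```

To reproduce the difference against a real VIP, run `openssl s_client -connect <vip>:443 -servername x1.domain1.com` and compare with a connection that sends no SNI; older OpenSSL builds sent none unless `-servername` was given, while recent releases send it by default and need `-noservername` to behave like a non-SNI client. If the profile that answers for the private name is the one expected by non-SNI clients on the network, make it the default SSL profile for SNI, or move those clients to software that sends SNI.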