Multiple ClientSSL profiles to same VIP

I think this post has the evolution of this question (Click here).

 

 

The practical answer for current versions is you can only support one certificate per virtual server. A wildcard cert for *.example.com would allow you to host a.example.com and b.example.com on the same VIP using one cert. Using Subject Alternate Names (SANs) would allow you to host abc.com and xyz.com on the same VIP with one cert. At some point F5 and browsers will probably support the server_name extension for TLS to allow support for multiple certs on a single IP address and port. To request F5 support this extension, you can open a case with F5 and ask them to attach it to CR94903.

 

 

Aaron

hi hoolio,

 

 

i am also in the situation where i already have server name identification (sni) on the server-side and want/need to bring ssl termination to the big-ip. do you have any status on CR94903? will that be introduced in the near future? anything on the roadmap?

 

 

would be great to get some input on that - to be able to estimate the possibilities.

 

as far as I know other loadbalancing platforms have the same limitations.

 

 

thanks and best regards,

 

daniel

Has anyone heard anything about this yet? It seems like they've had this CR open for a long time with no comment.

To get some kind of official feedback on this and to raise the visibility of the CR, you can open a case with F5 Support.

 

 

Aaron