Forum Discussion
Pankaj_71762
Nimbostratus
NimbostratusMultiple ClientSSL profiles to same VIP
Is it possible to have multiple clientSSL profile mapped to one VIP? I have two sites hosted on single VIP. Eg. abc.com and xyz.com. Both have same VIP 1.1.1.1:443. But different certificate/key pair.
I want F5 to SSL offload for both the sites.
hoolioCirrostratus
I think this post has the evolution of this question (Click here).
The practical answer for current versions is you can only support one certificate per virtual server. A wildcard cert for *.example.com would allow you to host a.example.com and b.example.com on the same VIP using one cert. Using Subject Alternate Names (SANs) would allow you to host abc.com and xyz.com on the same VIP with one cert. At some point F5 and browsers will probably support the server_name extension for TLS to allow support for multiple certs on a single IP address and port. To request F5 support this extension, you can open a case with F5 and ask them to attach it to CR94903.
Aaron
Daniel_23207hi hoolio,
i am also in the situation where i already have server name identification (sni) on the server-side and want/need to bring ssl termination to the big-ip. do you have any status on CR94903? will that be introduced in the near future? anything on the roadmap?
would be great to get some input on that - to be able to estimate the possibilities.
as far as I know other loadbalancing platforms have the same limitations.
thanks and best regards,
daniel
Dave_88944Has anyone heard anything about this yet? It seems like they've had this CR open for a long time with no comment.- hoolioTo get some kind of official feedback on this and to raise the visibility of the CR, you can open a case with F5 Support.
Aaron