Multiple SAN SSL certificates to a single VIP

Question

Hello ALL,
I'm working on SSL certificate installation task wherein for a sigle VIP I have to associate multiple SAN certificates and each SAN certifcate has multiple URLs.&nbsp;
for exmaple:
VIP - 10.10.10.10 has SSL cert of SSL1 and SSL2 and SSL1 has SAN name of  x.learn.com,y.learn.com and x.learn.com. And SSL 2 certificate has the SAN name of A.learn.com, B.learn.com and C.learn.com.&nbsp;
Could you please suggest how can I achive this?&nbsp;
For example if a user access x.learn.com or a.learn.com using the same VIP then it should be accessible.&nbsp;
Regards,
Thiyagu&nbsp;

youssef1 · Answer

Hi,&nbsp;
Did you check this post:
https://devcentral.f5.com/questions/client-ssl-profiles-using-sni-not-able-to-use-the-subject-alternative-name&nbsp;
It explain how you can achieve your need.&nbsp;
Response from Kevin (F5):
SNI doesn't really care about what's in the certificate, but rather what you've defined in the Server Name attribute of the client SSL profile. I haven't tried this, but thinking you could create a separate client SSL profile for each SAN name that isn't covered by the wildcard, using the same cert/key, and then apply all of those to the VIP.&nbsp;
Let me know if you need help&nbsp;

Forum Discussion

Multiple SAN SSL certificates to a single VIP

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

single slot multiple core vs multiple slot single core

Automating ACMEv2 Certificate Management on BIG-IP

BigIP VE - Multiple VLANs on single partition with single interface

Help F5 Transform the BIG-IP Administrator Certification

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS