For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

brepav123_22459's avatar
brepav123_22459
Icon for Cirrus rankCirrus
Feb 07, 2018

Multiple SSL Certs from one Virtual Server

In our environment we have 7 or 8 websites all served behind the same virtual server in the F5. Further down the pipe the web server reads the hostname they are trying to reach and serves the appropr...
application delivery
iRules
LTM
shipszky's avatar
shipszky
Icon for Altocumulus rankAltocumulus
Feb 07, 2018

I have the same setup in my environment, using multiple certificates. As Brian mentioned above the feature your looking for is called SNI. Assign the SSL Profiles you're wanting to use to the VS. The F5 will then select the profile to be used accordingly.

The only gotcha is one of the SSL profiles has to be the SNI Default. This is basically for older browsers that don't support SNI, they will always default to this certificate no matter the host name (honestly we've used this for a while and have never received a complaint).

The "SNI Default" checkbox is found in the SSL Profile configuration. (Local Traffic > Profiles > SSL)

EDIT: I think it's noteworthy to mention I also have an iRule to connect to different pools on the same VS that's using SNI to handle multiple certificates. 

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "sni1.test.com" { pool sni1test }
        "sni2.test.com" { pool sni2test }
    }
}