Forum Discussion
Multiple Wildcard RSA Certs on one SSL Client policy, is it possible?
I have 2 wildcard certs for 2 different domains (obviously) that I would like to use in a single SSL client profile; however, I get the error: client ssl profile cannot contain more than one set of same certificate/key type
Which I suppose is correct as they are both RSA certs. Would converting one to a different format be a problem, or break trust? Or is there another way I should be going about this entirely?
4 Replies
- Max_Q_factor
Cirrocumulus
I assume you are looking for something like TLS SNI? I would check out this devcentral article: TLS Server Name Indication
If not you might want to look at creating a SAN certificate - https://en.wikipedia.org/wiki/SubjectAltName
- Seth_Cooper
Employee
Hi Daniel,
Please check out this SOL article...
https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html
Regards,
Seth Cooper
- Hannes_Rapp
Nimbostratus
Configuring TLS/SNI in your client-side SSL profile is a possibility but that would not be the best solution at this point. Please note, this technology is not supported on IE browser running on Windows XP. With about 35% of all desktop users still running Windows XP, I would postpone taking into use the TLS/SNI technology for any client-facing application.
The best option would be keeping your certificates for different domains separated in different client-side SSL profiles. Configure multiple virtual servers for the same application if you have to. Perhaps TLS/SNI would be a great technology to use in 2-3 years.
- Daniel_Stinebau
Nimbostratus
Thanks for the quick replies all, looks like I have some homework to do.
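The SNI approach raised in the replies above, as an added sketch that is not part of the original thread and is not F5 code: the server reads the host name from the ClientHello, picks the matching wildcard certificate's profile, and sends clients without SNI (the Windows XP case) to a default profile. The profile names, domains, helper functions and the default-fallback policy are assumptions, and the ClientHello bytes are constructed for the example.

```python
import struct

# Hypothetical profile names and domains, constructed for this example.
PROFILES = {"*.example.com": "clientssl_com", "*.example.net": "clientssl_net"}

def build_client_hello(server_name=None):
    """Constructed sample: minimal TLS 1.2 ClientHello handshake message."""
    ext = b""
    if server_name:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
        ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"        # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)       # extensions block
    return b"\x01" + len(body).to_bytes(3, "big") + body

def extract_sni(hello):
    """Return the SNI host name from a ClientHello, or None if the client sent none."""
    if hello[:1] != b"\x01":
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                     # handshake header, version, random
    p += 1 + hello[p]                                  # session id
    p += 2 + int.from_bytes(hello[p:p + 2], "big")     # cipher suites
    p += 1 + hello[p]                                  # compression methods
    if p + 2 > len(hello):
        return None                                    # old client: no extensions at all
    end = p + 2 + int.from_bytes(hello[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[p:p + 4])
        if etype == 0:                                 # server_name extension
            nlen = int.from_bytes(hello[p + 7:p + 9], "big")
            return hello[p + 9:p + 9 + nlen].decode("ascii").lower()
        p += 4 + elen
    return None

def wildcard_match(pattern, host):
    """'*' covers exactly one left-most label: *.example.com != a.b.example.com."""
    if not pattern.startswith("*."):
        return pattern == host
    label, _, rest = host.partition(".")
    return bool(label) and rest == pattern[2:]

def select_profile(hello, profiles, default):
    """Pick the profile whose certificate name covers the SNI host; else the default."""
    host = extract_sni(hello)
    hits = [name for pat, name in profiles.items() if host and wildcard_match(pat, host)]
    return hits[0] if hits else default
```

A client that omits SNI always receives the default profile's certificate, so it sees a name mismatch on every other domain behind the same listener.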