For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Daniel_Stinebau's avatar
Daniel_Stinebau
Icon for Nimbostratus rankNimbostratus
Mar 17, 2015

Multiple Wildcard RSA Certs on one SSL Client policy, is it possible?

I have 2 wildcard cert's for 2 different domains (obviously) that I would like to use in a single ssl client profile, however I get the error: client ssl profile cannot contain more than one set of s...
BIG-IP Access Policy Manager (APM)
BIG-IQ
design
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Mar 17, 2015

Configuring TLS/SNI in your client-side SSL profile is a possibility but that would not be the best solution at this point. Please note, this technology is not supported on IE browser running on Windows XP. With about 35% of all desktop users still running Windows XP, I would postpone taking into use the TLS/SNI technology for any client-facing application.

 

The best option would be keeping your certificates for different domains separated in different client-side SSL profiles. Configure multiple virtual servers for the same application if you have to. Perhaps TLS/SNI would be a great technology to use in 2-3 years.