Forum Discussion
NimbostratusNeed help to install two SSL certificates issued from different certificate authority at BIG IP LTM virtual server.
Need help to install two SSL certificates issued from different Certificate Authority at BIG IP LTM virtual server
Understand that if multiple certificates are needed to install at one virtual server, one of the SSL client profile must be configured as default SNI and chain and root certificate must be the same. Hence, I would like to know if there is a way to install two different SSL cert which has different chain and root certificate at one virtual server?
TMOS version is 11.5.3. Thanks!
2 Replies
Why do you need to install two certs on one vip? How will you select which cert to use on a given connection? Since Host (HTTP layer 7) is higher layer than SSL, you won't be able to access the host information to "switch" certificates until after the SSL handshake, which means you will always have untrusted connection errors in web browers.
Or do you actually have some implementation where you choose the cert based on client source ip?
Alice_214810I can actually install two certificates at one VIP. To achieve this, one SSL client profile must be configured as default SNI and as for another profile, you need to define URL at server name parameter.
