Forum Discussion
dward
Nimbostratus
NimbostratusNeed to support thousands of unique SSL certificates on a single VIP
Looking for the best way to host thousands of SSL certificates issued by public providers
Each of these certs will be issued on a unique FQDN with no common DNS zone within the name. Think thousands of unique small businesses wanting hosting of their unique registered domain name. Only two VIPs would front the application - one for http and one for https.
I assume there is a limit on the number of SNI stacked SSL client profiles assigned to a VIP - I could not find any specifics on that limitation. Also, any know performance levels with loaded SNI certs?
Appreciate any and all feedback!
PK_Bhatiaseems asked before : https://devcentral.f5.com/s/feed/0D51T00006i7g7uSAA
 
SSL TPS you may need to consider.
 
Only1masterbla1Cirrus
As such there is no limit as per RFC. It will depend on CA.
From an implementation standpoint, many certificate authorities limit the number of SAN domains to as low as 25 entries to as high as 100, as per following link:
- dward
Appreciate the reply however, An answer of "I think it should be...." could not be consider definitive. Also, the referenced link just shows how to add a SNI profile based scenario and has no reference to any limitations or performance characteristics. When talking thousands of items performance is a major concern.