Question on configuring SNI clientSSL Profile

Question

Hi Experts ,&nbsp;I have a question on configuring the SNI SSL profile .Suppose say I have 3 different certificate and 3 SSL profile to be attached to the VIP to configure SNI .&nbsp;https://www.securesite1.com ClientSSL1 &gt; Default SSL Profile for SNIhttps://www.securesite2.com ClientSSL2https://www.securesite3.com ClientSSL3&nbsp;To enable SNI, we configure the Server Name and Default SSL Profile for SNI will be checked on an SSL profile of ClientSSL1, and then assign the profile to a virtual server.&nbsp;How about on other 2 SSL profiles ClientSSL2 &amp; ClientSSL3 ? For other SSL profiles do I need to type the name for the HTTPS site in the Server Name box ? or it can be left blank ?&nbsp;&nbsp;&nbsp;

michael_saleem · Accepted Answer

As long as you are on at least version 11.6.0, you do not need to specify a Server Name for any of the profiles (and I would recommend not specifying it).
Simply add all 3 x Client SSL profiles to the virtual server and mark one of them as Default SSL Profile for SNI like you said and you're set. The F5 BIG-IP will automatically read the SAN names on all the SSL certificates to find a match. If it does not find a match, then it will use the default SSL profile.

Forum Discussion

Question on configuring SNI clientSSL Profile

Recent Discussions

CPU high load during specific time periods

F5 OS r-Series cron job schedule

Connections log

VAPT or APT tools scan prevention

R2600 device and tenant/partition configuration

Related Content

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

TLS server_name extension based routing without clientssl profile

LTM VE behind Sophos Firewall deployment - configuration/setup question

Multiple Ways to Configure Usage Reporting in NGINX

limit to number of clientssl profiles

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS