Forum Discussion

F5_Design_Engineer

MVP

Mar 20, 2025

Re: SNI Sites not taking correct certificate.

Hi Militza,

You can use the openssl command-line tool to check if SNI is configured correctly.

Here's a command you can run:

openssl s_client -servername aks4.test.com -connect aks4.test.com:443 -tlsextdebug

This command will show you the details of the SSL/TLS handshake, including whether the server is using the correct certificate for the specified hostname

Check and share the test results.

2 Replies

Militza
Nimbostratus
Mar 21, 2025
openssl can not use.
- boneyard
  MVP
  Mar 30, 2025
  you should be able to use it from the BIG-IP itself.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Re: SNI Sites not taking correct certificate.

2 Replies

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

F5 Certifications Mega Meta Series: How to take the stress out of the F5 exams

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS