Forum Discussion

Wesley_Graves_1

Nimbostratus

Nov 11, 2004

Rule to assign different SSL Keys based on Host Header

Is there a way to assign different different SSL keys based on the incoming host header?

Historic F5 Account

Dec 07, 2004

This shouldn't be possible. It's a limitation of how HTTPS works.

First, the client connects to the server on port 443. SSL is negotiated. Then the client sends the HTTP GET/HEAD/etc, and the Host: header.

The SSL cert is presented *BEFORE* the Host: header is sent. The server *MUST* send a cert before it knows which one it should choose. Unless v9 includes a mind-reading module, this shouldn't be possible.

I could kick the SSL developers from not allowing a 'server identification suggestion' from the client as part of the SSL negotiation.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Rule to assign different SSL Keys based on Host Header

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

APM variable assign examples

Strict header Insertion

Mitigating OWASP API Security Risk: Mass Assignment using F5 BIG-IP

Mitigating OWASP API Security Risk: Mass Assignment using F5 XC Platform

(HTTP) Redirection via Arbitrary Host Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS