Forum Discussion

bitnoc's avatar
Icon for Nimbostratus rankNimbostratus
Apr 28, 2023

Same list of SSL profiles on multiple VIPs

I have a number of VIPs which need to have the same set of SSL profiles (many different certificates on a n umber of hosting platforms). Is there any way to define just one set of SSL profiles and apply that on each VIP? With 8 VIPs and a list of a few hundred profiles the configuration blows up.

I realise that I can automate this (and I have done so), but it still feels as if I'm repeating the same configuration. Having one profile which I can apply on every VIP would be nice, but I cannot find a way to do that.

3 Replies

  • bitnoc The only way you could have this down to one SSL profile is if you created a single SAN cert that has all the FQDNs in it and then apply that one profile. Alternatively you could use the "load sys config from-terminal merge" command to load the config file version of new virtual servers or paste in a single command that has all the profiles. From what you have stated you have already tried some variation of configuration manually so I don't believe you will want to do that so the SAN is the best alternative.

  • bitnoc's avatar
    Icon for Nimbostratus rankNimbostratus

    Thanks for your reply! Sadly, putting everything in one certificate isn't an option, for a number of reasons: there are too many SANs, some are not registered by us but by our customers, etc.

    Automation works fine, but it feels so pointless to repeat such a big part of our configuration for every VIP we configure, the config file really grows a lot as a result.

    • Paulius's avatar
      Icon for MVP rankMVP

      bitnoc It definitely does grow when you have that many profiles associated but with limitations in making the one SAN we have to give up an aspect that could shorten the configuration significantly. Thankfully you already have an outline and automation in place to really simplify this a bit.