SAN Certificate Troubleshooting

Question

Hello,&nbsp;
I have a SAN Certificate and installed to BIG IP TL2000.The certificate was imported  as pfx but i also tried to convert and installed as .pem file to BIG IP.
The problem is i can not use the Client SSL profile for this certificate.
The certificate has 3 sundomains as 1.xyz.com,2.xyz.com,3.xyz.com&nbsp;
Any help appreciated.&nbsp;
Thank You&nbsp;

chase_abbott · Answer

This shouldn't be an issue.  If the cert is SAN/Wildcard it can work fine within a single client ssl profile.  You can choose how to segregate the traffic:&nbsp;
3 separate virtual servers using the same client ssl prof1 virtual with 3 DNS A records pointing to it.  Use an iRule to segregate the sites and pools with a switch statement.
The PFX should import the cert/key just fine.  I would import the intermediary certificate separately for cert chain linking.&nbsp;

Forum Discussion

SAN Certificate Troubleshooting

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Need Advice on below issue

SSO login for APM Profiles

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Related Content

Automating Certificate Management on F5 BIG-IP

How to Troubleshoot SNI

Access Troubleshooting: BIG-IP APM OIDC integration

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

AppWorld 2024 in San Jose

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS