Forum Discussion

Altostratus

Mar 02, 2016

serverssl, SNI, vHosts

Hi, I wonder how to solve such issue: Target server is using vHost and HTTPS Each vHost has separate certificate for FQDN (no Wildcard or SAN) Traffic is passed to target servers via one...

MVP

Mar 02, 2016

Hey Radu,

your mentioned SNI-Relay logic is indeed a cool method to support Piotrs requirement without switching between multiple different Server_SSL_Profiles. Great hint and Kudo +1...;-)

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0] } then {
        set tls_sni_extension [SSL::extensions -type 0]
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { [info exists tls_sni_extension] } then {
        SSL::extensions insert $tls_sni_extension
    }
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

serverssl, SNI, vHosts

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

F5 LACP

SSLO Policy Condition - Server Certificate (Issuer DN)

How APM GET IOS UUID & Andriod MAC

Expired client-certificate

Related Content

SNI Routing with BIG-IP

How to Troubleshoot SNI

Serverside SNI injection iRule

SNI Routing with DNS Lookup

Extracting the SNI server name

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS