Forum Discussion

Altostratus

Mar 02, 2016

serverssl, SNI, vHosts

Hi, I wonder how to solve such issue: Target server is using vHost and HTTPS Each vHost has separate certificate for FQDN (no Wildcard or SAN) Traffic is passed to target servers via one...

MVP

Mar 02, 2016

Hey Radu,

your mentioned SNI-Relay logic is indeed a cool method to support Piotrs requirement without switching between multiple different Server_SSL_Profiles. Great hint and Kudo +1...;-)

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0] } then {
        set tls_sni_extension [SSL::extensions -type 0]
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { [info exists tls_sni_extension] } then {
        SSL::extensions insert $tls_sni_extension
    }
}

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

serverssl, SNI, vHosts

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

SNI Routing with BIG-IP

How to Troubleshoot SNI

Serverside SNI injection iRule

SNI Routing with DNS Lookup

Extracting the SNI server name

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS