Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Aug 20, 2019

SNI based routing required ?

Hello,

 

I have 2 name need to be resolved with 1 IP Address . For example hostname TEST.COMPANY.COM and TEST1.COMPANY.COM need to be resolved with 1 IP . And both has individual certificate. I was thinking to resolve multiple SSL Hostname on 1 IP I need SNI based routing configuration. But before configuring SNI based routing I do see that I can open default webpage with both name. Just note that both name actually has same backend server.

 

Before SNI configuration, I configured only 1 SSL profile with default cert.

 

Based on my scenario do I still need to configure SNI based routing ?

application delivery
BIG-IP
LTM
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Aug 21, 2019

    Can you check if the certificate covers both domain names, e.g. a wildcard certificate ("*.company.com") or with SAN?

  • Subrun's avatar
    Subrun
    Icon for Cirrostratus rankCirrostratus
    Aug 21, 2019

    Both certs will be generated individually , there is no wildcard cert or SAN planned to be configured for these 2 certs.

     

    Just note that at this moment , only ONE self signed cert configured.. Public CA generated cert will be installed for both names and called at the Virtual Server Configuration. So my point is when I will configure 2 SSL Profile on a single VIP do I need to SNI settings or not ?

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Aug 21, 2019

    You don't need SNI and multiple SSL profiles if you get a SAN certificate, or a wildcard certificate in this situation.

    • Subrun's avatar
      Subrun
      Icon for Cirrostratus rankCirrostratus
      Aug 21, 2019

      Thank You.. Probably I am making the plan complex while thinking about SNI. But If I come up with individual SSL Cert then I need to do SNI right ?