Forum Discussion

JustJozef's avatar
Icon for Cirrus rankCirrus
Aug 22, 2023

SSL server failures on backend with more applications

Hi all,

I am trying to implement SSL server profiles for applications.

Set up is straigtforward. Option in SSL server profile "Server Certificate" is defined to required and "Authenticate Name" contains FQDN of the backend. It works well when on the backend is only one application. But issue start when behind app gateway more applications runs. Then during SSL handshake backend (gateway) provide some default certificate, for example CN=localhost. In such case client (F5 server) reset connection.

Do I have some option to handle such ssl handshakes? It works with default ssl server profile with option "Default SSL Profile for SNI" without "Server Authentication" but I would like to keep only ssl server profiles with defined CN. Default profile will contain some dummy domain.

As example. Backend node is where applications runs (,,, ...).


New TCP connection #1: WAF IP(port) <->
1 1 0.1600 (0.1600) C>SV3.1(135) Handshake



SSL Handshake is RST when server provide certificate with CN what doesn't match with SSL server profile.