For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sam_Parkes_1110's avatar
Sam_Parkes_1110
Icon for Nimbostratus rankNimbostratus
Aug 11, 2008

SSL::profile switching - per host name requested

I'm trying to get different URL host names to negotiate with different SSL profiles as they go through a single VIP on the F5. We have several URLs we want to point to the same external IP (by DNS), w...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 13, 2008
I think this post has the evolution of this question (Click here).

 

 

The practical answer for current versions is you can only support one certificate per virtual server. A wildcard cert for *.example.com would allow you to host a.example.com and b.example.com on the same VIP using one cert. Using Subject Alternate Names (SANs) should allow you to host abc.com and xyz.com (or app.mysite-ip.com.aa and app.mysite-ip.com.bb) on the same VIP with one cert. At some point F5 and browsers will probably support the server_name extension for TLS to allow support for multiple certs on a single IP address and port. To request F5 support this extension, you can open a case with F5 and ask them to attach it to CR94903.

 

 

Aaron