Forum Discussion

Nimbostratus

Mar 28, 2011

TLS Server Name Indication iRule

http://devcentral.f5.com/wiki/default.aspx/iRules/TLS_ServerNameIndication.html I posted the iRule above for discussion purposes. It decodes the TLS SNI extension field in an SSL/TLS negot...

Altostratus

Apr 11, 2013

I have a server with 1024-bit certificate and i need to migrate to 2048 bit certificate. Can i use the TLS SNI feature in version 11.2 to help in this migration?

I am wondering if I put my 2048 bit certificate (with TLS SNI ) as the first SSL profile in my VS, and have the 1024-bit in the failback ssl profile.

Can I use the same DNS name for both certificates?

Even if it works, I am worried that some of the clients may not like the extra SSL SNI negotiation going on the LTM. Has anyone come across failures where some clients could not connect, especially that I am using some dumb terminals as clients ?

thanks

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TLS Server Name Indication iRule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SSL Profiles Part 7: Server Name Indication

TLS Server Name Indication

Lightboard Lessons: TLS Server Name Indication

Multiple Certs, One VIP: TLS Server Name Indication via iRules

Server Name Indication (SNI) based RDP Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS