Forum Discussion

Nimbostratus

Mar 28, 2011

TLS Server Name Indication iRule

http://devcentral.f5.com/wiki/default.aspx/iRules/TLS_ServerNameIndication.html I posted the iRule above for discussion purposes. It decodes the TLS SNI extension field in an SSL/TLS negot...

Employee

Apr 11, 2013

The TLS Server Name extension allows the client to specify the server name in the CLIENTHELLO message, so SNI wouldn't work for you if both server certs had the same name. If both server certs are signed by the same issuer, or rather if both certs are signed by CAs that the clients explicitly trust, then you shouldn't have to do anything other than just replace the server cert.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TLS Server Name Indication iRule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SSL Profiles Part 7: Server Name Indication

TLS Server Name Indication

Lightboard Lessons: TLS Server Name Indication

Multiple Certs, One VIP: TLS Server Name Indication via iRules

Server Name Indication (SNI) based RDP Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS