TLS Server Name Indicator using the Server Name parameter

Question

TLS Server Name Indicator: 
When using a SAN Cert Must use create a separate Client SSL profiles for each name that is in the SAN certificate you want to use?  
&nbsp;
Would I then need Client_SSL_1 with Server Name =  then create Client_SSL_2 with Server Name = investor.xyz.com ?  When no name is given I know the default is Common Name?&nbsp;
For instance you have a 
Certificate 1
SAN certificate:
Common Name = 
Subject Alt = xyz.com&nbsp;
Certificate 2
SAN certificate:
Common Name = 
Subject Alt = investor.com&nbsp;
Client_SSL_base
Client_SSL_fallback Certificate 1 default checked
Client_SSL_1a Certificate 1 ServerName = 
Client_SSL_1b Certificate 1 ServerName = xyz.com
Client_SSL_2a Certificate 2 ServerName = 
Client_SSL_2b Certificate 2 ServerName = investor.com&nbsp;

stanislas_piro2 · Answer

Hi,
Default sni behavior when multiple clientssl profile is assigned to a vs is to read subject and SAN values and use these values as condition.
Don't configure Server Name field but only check default for SNI in one of profiles.

Forum Discussion

TLS Server Name Indicator using the Server Name parameter

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

F5OS login with admin/root failed via console

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

UCS Encryption Question

Unblock Request WAF

Related Content

SSL Profiles Part 7: Server Name Indication

TLS Server Name Indication

Lightboard Lessons: TLS Server Name Indication

Server Name Indication (SNI) based RDP Proxy

Multiple Certs, One VIP: TLS Server Name Indication via iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS