Using two certificates with SNI and IP as common name

Question

Hi all,I have a VS which client access using both FQDN and IP and I need it to be HTTPS.I have a legitimate cert for the FQDN (wildcard) and I've created a certificate for the IP address using a CA we have inhouse.I've also included SAN values for DNS and IP in this cert.When I attach each certificate individualy to the VS and try to access it accordingly, everything works fine, so I know the certs are legit.When I put both certs in the VS and configure their SSL profile with Default SNI and ServerName, it also selects the FQDN cert, even if the client access using IP address.&nbsp;Any suggestions why this happens?Using version 14.1.4.5.&nbsp;Thanks!

nikoolayy1 · Answer

Check the bug tracker but your settup is strange as the idea behind SNI is the same server IP address to be used by the server that host different domains:
&nbsp;
https://support.f5.com/csp/bug-tracker?sf189923893=1
&nbsp;
https://community.f5.com/t5/technical-articles/how-to-troubleshoot-sni/ta-p/281658
&nbsp;
Also is the wildcard cert the default SNI cert? Do your client support SNI (for certificates that are not using the IP address do the clients match them correctly and only the one with the IP address is having issues)?

jim_m · Answer

How do you set the default SNI cert

Forum Discussion

Using two certificates with SNI and IP as common name

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

BIG-IQ Certificate

List of Common Linux and/or TMSH commands

certificate-common-name-mismatch

SSL Certification (thawte) installation

Exporting SSL Certificate to another BIG IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS