Multiple Certs, One VIP: TLS Server Name Indication via iRules

An age old question that we’ve seen time and time again in the iRules forums here on DevCentral is “How can I use iRules to manage multiple SSL certs on one VIP"?”. The answer has always historically...

Updated Aug 28, 2025

Version 2.0

Historic F5 Account

Joined May 12, 2005

View Profile

hoolio

Cirrostratus

Apr 05, 2011

Nice article and a great Codeshare contribution...

You could eliminate the need for the datagroup mapping hostnames to client SSL profile names if you name the client SSL profile with the hostname it in. In other words, you would assume for a hostname of:

www.example.com -> www.example.com_clientssl

host1.example.com -> host1.example.com_clientssl

mail.example.com -> mail.example.com_clientssl

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Multiple Certs, One VIP: TLS Server Name Indication via iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS