Understanding the Authenticate Name Option on Server SSL profile on BIG-IP

Quick Intro Have you ever wondered what this little option on Server SSL profile really does in practice? This is what this article is all about. If you're only interested about what I learn...

Published Apr 20, 2020

Version 1.0

MVP

Joined May 16, 2019

View Profile

Rodrigo_Albuque

MVP

Joined May 16, 2019

View Profile

dragonflymr

Cirrostratus

Apr 27, 2020

Sure I know. Anyway I tested it and works like charm for Virtual Hosting scenario. Multiple FQDNs pointing to single VS, then this VS sending traffic to Pool Members as well handling multiple FQDNs. Correct Server SSL Profile is selected based on client ClientHello SNI. So both SNI presented to backend server is the same as specified by client, and Authenticate Name is checked based on previously selected Server SSL Profile.

I doubt however it can be used for VS serving one FQDN but with Pool Members each requiring different SNI - only way is switching Server SSL profiles via iRule.

Piotr

Understanding the Authenticate Name Option on Server SSL profile on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS