Understanding the Authenticate Name Option on Server SSL profile on BIG-IP
Published Apr 20, 2020
Version 1.0Was this article helpful?
Sure I know. Anyway I tested it and works like charm for Virtual Hosting scenario. Multiple FQDNs pointing to single VS, then this VS sending traffic to Pool Members as well handling multiple FQDNs. Correct Server SSL Profile is selected based on client ClientHello SNI. So both SNI presented to backend server is the same as specified by client, and Authenticate Name is checked based on previously selected Server SSL Profile.
I doubt however it can be used for VS serving one FQDN but with Pool Members each requiring different SNI - only way is switching Server SSL profiles via iRule.
Piotr