Forum Discussion

T_Rajneesh's avatar
T_Rajneesh
Icon for Nimbostratus rankNimbostratus
Sep 23, 2020

can we have two SSL certificates attached to VIP - one is internal CA and other on is external CA

I have VIP which is configured to have ssl offloading on F5 VIP. I have multiple URL's accessing same VIP with different back end server.

i.e., the request are being send to back end pool based host name via i-rule. Wanted to know if i can apply one external CA cert for one URL and internal certificate for other URL on VIP ?

 

example : URL1 - abc.com

URL2 - xyz.com -

 

VIP: 10.10.10.10

pool1 - abc

pool2 - xyz

SSL - client-ssl_abc & client_ssl_xyz

 

 

 

 

 

application delivery
BIG-IP
iRules

4 Replies

Sort By
  • T_Rajneesh's avatar
    T_Rajneesh
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2020

    here, i'm not taking about SAN name added to certificate.. One is external CA with one SAN name and one is internal CA with other SAN name.. can these two be applied on single VIP

     

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Sep 23, 2020

    Yes you can bind multiple client SSL profiles on same VIP and each client profile can have different certificates (public CA/internal). Just before binding multiple client SSL profiles on single VIP, you need to define one of the profile as a default/fallback SSL profile. You can define one of the client SSL profile as a default/fallback SSL by checking option Default SSL Profile for SNI under Client SSL profile advance settings.

    With this, you should be good.