cancel
Showing results for 
Search instead for 
Did you mean: 

can we have two SSL certificates attached to VIP - one is internal CA and other on is external CA

T_Rajneesh
Nimbostratus
Nimbostratus

I have VIP which is configured to have ssl offloading on F5 VIP. I have multiple URL's accessing same VIP with different back end server.

i.e., the request are being send to back end pool based host name via i-rule. Wanted to know if i can apply one external CA cert for one URL and internal certificate for other URL on VIP ?

 

example : URL1 - abc.com

URL2 - xyz.com -

 

VIP: 10.10.10.10

pool1 - abc

pool2 - xyz

SSL - client-ssl_abc & client_ssl_xyz

 

 

 

 

 

4 REPLIES 4

vaibhav
Nimbostratus
Nimbostratus

why not get a SAN cert ?

T_Rajneesh
Nimbostratus
Nimbostratus

here, i'm not taking about SAN name added to certificate.. One is external CA with one SAN name and one is internal CA with other SAN name.. can these two be applied on single VIP

 

correct my bad this is what you are looking for i believe

 

https://support.f5.com/csp/article/K13452

Yes you can bind multiple client SSL profiles on same VIP and each client profile can have different certificates (public CA/internal). Just before binding multiple client SSL profiles on single VIP, you need to define one of the profile as a default/fallback SSL profile. You can define one of the client SSL profile as a default/fallback SSL by checking option Default SSL Profile for SNI under Client SSL profile advance settings.

With this, you should be good.