Use iRule to control choosing which SSL certificate to use based on SNI

shixin · ‎10-Oct-2023

VS address: 10.1.20.43

VS port: 443

There are two SSL Profiles on F5: web1-ssl and web2-ssl.

I want to use an iRule to control the selection of which SSL certificate to use based on SNI:

For example, when a user visits web1.com, the VS uses the SSL Profile web1-ssl;

When a user accesses web2.com, this VS uses the SSL Profile web2-ssl.

Please tell me, how should I write this iRule?

grateful!

Paulius · ‎10-Oct-2023

@shixin You do not need an iRule for this because the F5 does this provided you enable SNI on the VS and configure the SSL profile fields appropriately. This document might assist you in this process.

https://community.f5.com/t5/technical-articles/ssl-profiles-part-7-server-name-indication/ta-p/27982...

View solution in original post

Paulius · ‎10-Oct-2023

@shixin You do not need an iRule for this because the F5 does this provided you enable SNI on the VS and configure the SSL profile fields appropriately. This document might assist you in this process.

https://community.f5.com/t5/technical-articles/ssl-profiles-part-7-server-name-indication/ta-p/27982...

shixin · ‎10-Oct-2023

At first I wanted to use iRule to identify SNI, but I couldn't do it after trying many times; but based on this article you provided, I achieved the effect I wanted, thank you!

Paulius · ‎11-Oct-2023

@shixin You could probably do this via iRule but it would be much more complicated then just configuring it the way the document outlines.

DevCentral

Use iRule to control choosing which SSL certificate to use based on SNI

Register For AppWorld 2024

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

Use iRule to control choosing which SSL certificate to use based on SNI

Register For AppWorld 2024

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards