
Using two certificates with SNI and IP as common name

yonatan
Nimbostratus

Hi all,

I have a VS which clients access using both FQDN and IP, and I need it to be HTTPS.

I have a legitimate cert for the FQDN (wildcard) and I've created a certificate for the IP address using a CA we have in-house.

I've also included SAN values for DNS and IP in this cert.

When I attach each certificate individually to the VS and try to access it accordingly, everything works fine, so I know the certs are legit.

When I put both certs in the VS and configure their SSL profile with Default SNI and ServerName, it also selects the FQDN cert, even if the client accesses using the IP address.

 

Any suggestions why this happens?

Using version 14.1.4.5.

 

Thanks!

2 REPLIES

Check the bug tracker, but your setup is strange, as the idea behind SNI is the same server IP address to be used by the server that hosts different domains:

 

https://support.f5.com/csp/bug-tracker?sf189923893=1

 

https://community.f5.com/t5/technical-articles/how-to-troubleshoot-sni/ta-p/281658

 

Also, is the wildcard cert the default SNI cert? Do your clients support SNI (for certificates that are not using the IP address, do the clients match them correctly and only the one with the IP address is having issues)?

Jim_M
Cirrus

How do you set the default SNI cert?