
SSL server failures on backend with more applications


Hi all,

I am trying to implement SSL server profiles for applications.

The setup is straightforward. The "Server Certificate" option in the SSL server profile is set to required and "Authenticate Name" contains the FQDN of the backend. It works well when there is only one application on the backend. But the issue starts when more applications run behind the app gateway. Then, during the SSL handshake, the backend (gateway) provides some default certificate, for example CN=localhost. In that case the client (F5 server) resets the connection.

Do I have any option to handle such SSL handshakes? It works with the default SSL server profile with the option "Default SSL Profile for SNI" without "Server Authentication", but I would like to keep only SSL server profiles with a defined CN. The default profile will contain some dummy domain.

As an example: the backend node is where the applications run (,,, ...).


New TCP connection #1: WAF IP(port) <->
1 1 0.1600 (0.1600) C>SV3.1(135) Handshake



The SSL handshake is RST when the server provides a certificate with a CN that doesn't match the SSL server profile.


F5 Employee

You can select the serverside SSL profile using the iRule command SSL::profile
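
The following iRule is an added illustration of the approach named in the reply above; it is not part of the original thread or F5's own code. The hostnames and profile names are hypothetical, and it assumes each server SSL profile keeps "Server Certificate" required with its own "Authenticate Name", and sets "Server Name" so the gateway receives an SNI it can match.

```tcl
# Added example: pick the server SSL profile per requested application,
# so certificate name checking stays enabled for every backend app.
# Hostnames and profile names are hypothetical placeholders.
when HTTP_REQUEST {
    # Strip any ":port" suffix and normalise case before matching.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "app1.example.com" { set prof "/Common/serverssl_app1" }
        "app2.example.com" { set prof "/Common/serverssl_app2" }
        default {
            # Unknown host: refuse the request instead of falling back
            # to a profile that does not authenticate the server.
            log local0.warning "No server SSL profile mapped for host '$host'"
            reject
            return
        }
    }

    # SSL::profile has to run before the server-side handshake begins,
    # which is why the selection is made here in HTTP_REQUEST.
    SSL::profile $prof
}
```

The virtual server still needs a server SSL profile attached as its default; the iRule replaces it per request before the backend handshake.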