Determine which cert is used on a VS for a requesting client
When multiple certs are assigned to an SSL offloaded/re-encrypted virtual service, how does the LM determine which certificate to present to the requesting client?
Version: All firmware revisions
Platform: All platforms
Application: SSL VS using multiple certificates
How does the Load Master determine the correct cert to present to a client connection when multiple certificates are assigned to a virtual service?
Steps to Reproduce:
The Load Master will read the requested FQDN (Fully Qualified Domain Name) and try to match it to the SAN names of the assigned certificates.
If the service has wildcard certificates assigned, this will not work: a wildcard matches any requested domain, so the Load Master will present the first cert in the list.
When using multiple certificates in a virtual service, ensure that none of them are wildcard certificates such as *.domain.com and that they instead have SAN names for every possible valid request, such as www.domain.com, mail.domain.com, etc.
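The following is an added example, not Kemp code and not a reproduction of the Load Master's selection logic: a pre-deployment check that applies the guidance above to a set of certificates. The file names, SAN lines and host list are constructed sample data; the SAN lines are in the form printed by `openssl x509 -noout -ext subjectAltName`.

```python
import re

# Constructed sample: one SAN line per certificate, listed in the order the
# certificates are assigned to the virtual service.
SAMPLE_CERTS = [
    ("web.pem", "DNS:www.domain.com, DNS:domain.com"),
    ("mail.pem", "DNS:mail.domain.com, DNS:*.domain.com"),
    ("shop.pem", "DNS:shop.domain.com, DNS:www.domain.com"),
]
# Constructed sample: every FQDN clients are expected to request.
SAMPLE_HOSTS = ["www.domain.com", "mail.domain.com", "api.domain.com"]


def parse_sans(line):
    """Return the lower-cased DNS names found in an openssl SAN line."""
    return [n.lower().rstrip(".") for n in re.findall(r"DNS:([^,\s]+)", line)]


def audit(certs, expected_hosts):
    """Check a certificate set against the no-wildcard, explicit-SAN guidance.

    Returns (wildcards, uncovered, ambiguous):
      wildcards - (cert, san) pairs where the SAN contains '*'
      uncovered - expected hosts with no exact SAN in any certificate
      ambiguous - expected hosts listed in more than one certificate
    """
    parsed = [(name, parse_sans(line)) for name, line in certs]
    wildcards = [(name, san) for name, sans in parsed
                 for san in sans if "*" in san]
    uncovered, ambiguous = [], {}
    for host in expected_hosts:
        wanted = host.lower().rstrip(".")
        # Exact matches only: wildcard SANs are deliberately not counted.
        owners = [name for name, sans in parsed if wanted in sans]
        if not owners:
            uncovered.append(host)
        elif len(owners) > 1:
            ambiguous[host] = owners
    return wildcards, uncovered, ambiguous


if __name__ == "__main__":
    wildcards, uncovered, ambiguous = audit(SAMPLE_CERTS, SAMPLE_HOSTS)
    for cert, san in wildcards:
        print(f"WILDCARD   {cert}: {san}")
    for host in uncovered:
        print(f"UNCOVERED  {host}: no certificate lists this name as a SAN")
    for host, owners in ambiguous.items():
        print(f"AMBIGUOUS  {host}: listed in {', '.join(owners)}")
```

A clean result is three empty collections: no wildcard SANs, every expected FQDN present as an explicit SAN, and each FQDN in exactly one certificate.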