Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Determine which cert if used on a VS for a requesting client





When multiple certs are assigned to an SSL offloaded/re-encrypted virtual service, how does the LM determine which certificate to present to the requesting client?


Product: LoadMaster

Version: All firmware revisions

Platform: All platforms

Application: SSL VS using multiple certificates

Question/Problem Description:

How does the Load Master determine the correct cert to present to a client connection when multiple certificates are assigned to a virtual service?

Steps to Reproduce:  
Error Message: N/A
Defect Number:  
Enhancement Number:  

The Load Master will read the requested FQDN (Fully Qualified Domain Name) and try to match it to the SAN names of the assigned certificates.

e.g. Client request -> The VS will assign the cert with the SAN name for


If the service has wild card certificates assigned then this will not work as a wild card matches any requested domain and so will present the first cert in the list.



When using multiple certificates in a virtual service ensure that none of them are wild card certificates such as * and the they instead have SAN names for any possible valid request such as,, etc.


Was this article helpful?
0 out of 1 found this helpful