SAN SSL with IP address for multiple certs in single VIP

0

We are trying to include multiple, self signed SAN SSL certs which use IP addresses for their common names. The VIP will not recognize the matching cert unless it is the first in the list. Multiple certs using DNS names as the common name work. If the header is an IP address and its cert is second in the list, the cert that is presented is the first in the list whether it matches or not.

Briefly, the reason we need this is because we have multiple clients connecting to our apps over VPN tunnels, so we use self signed certs with IP address common names - the clients do not want to handle internal DNS . The common name on each cert is matched by a SAN using the 'ipaddress' specification. Is this possible to do or does the Kemp only support matching URL headers to its cert list?

We upgraded from 7.1.34 to 7.2.38 last night thinking that would solve the issue, but it did not. 

0 comments