Forum Discussion
Hannes_Rapp
Nimbostratus
If all works with
abc.com
right now, and you already terminate clientssl with *.abc.com
certificate, no changes on BigIP LTM are required to add support for xyx.abc.com
. They just create new DNS A record to point xyx.abc.com to same VIP as abc.com and voila!
Serverssl profile has no domain-aware significance. It is used to enable BigIP act as a SSL/TLS client so the traffic to Pool Member will be encrypted before it's forwarded downstream.
nitass
Jan 01, 2018Employee
if i do not misremember, serverssl profile does not forward server name indicated from clientside to serverside. so, can you try something like this?
Modifying serverside SSL profile based on hostname for SNI (Kai Wilke's comment) https://devcentral.f5.com/questions/modifying-serverside-ssl-profile-based-on-hostname-for-sni-48452