Jesse_Reinhart_
Sep 08, 2017Nimbostratus
SNI - no SSL profile = drop/reset
Hi!
I've got SNI working properly on my LTM virts. It's working fine, but some of the sites we host through that virt don't have SSL. Those sites don't have an SSL profile or certificate to present, so true to SNI, it presents the default SSL profile, which is a wildcard certificate for a different domain. This throws some errors in the visitor's browser, which is expected given the actions that are occurring.
Is there a way that I can have the Big-IP do something different with the connection when there's no matching SSL profile instead of presenting the wrong certificate?
Thanks!
- Jesse