Forum Discussion
- Kevin_StewartEmployee
Any chance you have the same server name string defined in multiple client SSL profiles?
- What_Lies_Bene1Cirrostratus
It's blank in both.
- Kevin_StewartEmployee
It's blank in both.
It can't be. SNI requires unique server name values in all of the client SSL profiles. That's how LTM knows which profile to use in the SSL handshake.
- What_Lies_Bene1Cirrostratus
Hmmm. I'm not looking to use SNI, this is for that OCSP with CRL fallback functionality.
I've double-check the iRules wiki, I thought it suggested any profiles you wish to switch between must be assigned to the VS but on a re-reading, it seems it just needs 'a' profile to be configured.
That being the case this probably counts as my most ill informed question ever! Sorry.
- Kevin_StewartEmployee
The OCSP with CRL fallback functionality requires a single client SSL profile specified in the VIP, and the other specified in the iRule.