Forum Discussion
Lucas_Thompson
Apr 30, 2024Employee
You should be able to simply use multi-domain SSO (it allows multiple hostnames to share the same APM session) with two DNS names and use two vips (each with a separate "advertised CAs" setting in the clientssl profile so hopefully the client doesn't get a popup to choose the cert), attached to the same access profile, and collect the second certificate once the session is established inside of a per-request policy.
Testing and setting this up would be somewhat complex.