Help with SNI for multiple VIPs hosted on same server
Hi, I wanted to see if someone could help me with this setup. I've configured other VIPs in the past to use SNI by running this command and then creating the SSL profile with the hostname.
tmsh modify ltm virtual <virtual server> serverssl-use-sni enabled
tmsh save sys config
I have an engineer asking me to set his apps/VIPs up for now, but it is a different type of setup and I can't get it working. First, there is one shared pool with two servers that host 8 different sites. Each site has its own VIP with its own IP address. As soon as the engineer checks the boxes on his server for SNI in the bindings, the health monitor on the F5 breaks. I get around that by enabling the ICMP monitor a basic TCP over 443 monitor, but I'd like a better way. I run the command to enable SNI for the first VIP/site and create the profile with the hostname, and it works fine. Then when I go to the second app and configure it all the same, it works, but the first stops working and I get a service unavailable 500 error, and so on and so on. I realize this isn't what SNI is meant to do, but the application engineer was requesting it be set up like this because of our certificate management software, Venafi. The software depends on SNI being checked to be able to push the certificates to the individual servers and update the bindings with the new cert.
Any guidance would be much appreciated.