When multiple hostnames resolve to the same IP address and encrypted communication is required, the BIG-IP must be able to present the correct SSL certificate based on the hostname requested by the client. This is accomplished using Server Name Indication (SNI).
According to BIG-IP Administration: Data Plane Configuration documentation:
SNI is a client-side TLS extension, where the client includes the requested hostname during the SSL handshake.
BIG-IP evaluates this hostname using the Client SSL profile, not the Server SSL profile.
The “Server Name” setting in the Client SSL profile enables BIG-IP to select the appropriate SSL certificate for the requested hostname.
Why option C is correct:
Client SSL profile handles inbound (client-side) encryption.
Server Name enables SNI-based certificate selection when multiple DNS names share the same virtual server IP.
Why the other options are incorrect:
A. Client SSL, Client NameThere is no Client SSL setting called Client Name for SNI certificate selection.
B. Server SSL, Server NameServer SSL is used for encryption between BIG-IP and backend servers, not for client-side hostname identification.
D. Server SSL, Client NameServer SSL does not process client-requested hostnames during TLS negotiation.
Correct Resolution:
Configure a Client SSL profile and enable the Server Name (SNI) setting to support multiple encrypted hostnames on the same virtual server IP.
Submit