03-07-2017 08:26 AM
Hello,
I am trying to get SSL SNI on 12.5.02m to work. However, it fails when trying to configure it:
server virtual test.xyz 1.2.3.4
 port ssl ssl-terminate testcert
 port ssl ssl-sni testcert2
Error : Fail to bind testcert2 to virutal-port. Default SSL profile binding already exist on virtual-port [test.xyz:443]
Error - Failed to create virtual service port
(btw, there's a typo in the code: "virutal")
The error message somehow suggests not using any profile name after the "port ssl ssl-terminate" command, but it's not possible to exclude the SSL profile name on it. If I don't use "port ssl ssl-terminate" at all, then the SNI command also refuses:
SNI only support for port with SSL-termination or SSL-proxy
Error - Failed to create virtual service port
So I wonder if SSL SNI even works, or is this feature not implemented?
Best regards,
Jonas
03-08-2017 09:17 PM
Hello Jonas,
From the error message, it's acting as if both profiles have configuration that ADX views as default. Does testcert2 have 'sni-servername' configured? Example configuration below.
ssl profile SSL-DEFAULT
 key key-default
 certificate cert-default
ssl profile SNI-TEST
 sni-servername "site2.com"
 key key-2017
 certificate cert-2017
server virtual TEST-VS 10.10.10.10
 port ssl
 port ssl ssl-term SSL-DEFAULT
 port ssl ssl-sni SNI-TEST
03-09-2017 02:48 AM
Thanks a lot, it works now!
I didn't have "sni-servername" in the SSL profile. The error message is somewhat confusing; maybe that should get fixed to display a more specific message for this.
Also, I couldn't find any documentation about SSL SNI at all (it seems this feature was "silently" integrated without documentation)?
03-09-2017 06:54 AM
Awesome news! That error is a bit confusing to read if you haven't already had experience with the SNI config. Brocade does review these boards or you could forward the feedback regarding the error to your Brocade contact. They are greatly receptive to feedback. I've linked a pdf for a code version you are on, it contains additional information for the SNI configuration.
Take care,
-D
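
The check that resolved this thread can be run over a saved configuration before pasting it into the device. The script below is an added example, not part of any post and not Brocade tooling; it flags every "port ssl ssl-sni" binding whose profile has no sni-servername. The function names and the sample configuration are assumptions: the sample is constructed from the question's profile names and the key/certificate names in the answer.

```python
# Added example: lint an ADX-style config for ssl-sni bindings that point at
# a profile without sni-servername (the cause of the error in this thread).
# SAMPLE is constructed: the question's profile names written in the
# profile syntax the answer shows; testcert2 has no sni-servername.
SAMPLE = """\
ssl profile testcert
 key key-default
 certificate cert-default
ssl profile testcert2
 key key-2017
 certificate cert-2017
server virtual test.xyz 1.2.3.4
 port ssl ssl-terminate testcert
 port ssl ssl-sni testcert2
"""

def parse(config):
    """Return ({profile: sni name or None}, [(vserver, sni profile)])."""
    profiles, bindings = {}, []
    profile = vserver = None
    for raw in config.splitlines():
        # Normalise typographic quotes that forum software may have inserted.
        words = raw.replace("\u201c", '"').replace("\u201d", '"').split()
        if words[:2] == ["ssl", "profile"] and len(words) == 3:
            profile, vserver = words[2], None
            profiles[profile] = None
        elif words[:2] == ["server", "virtual"] and len(words) >= 3:
            vserver, profile = words[2], None
        elif profile and words[:1] == ["sni-servername"] and len(words) == 2:
            profiles[profile] = words[1].strip('"')
        elif vserver and words[:3] == ["port", "ssl", "ssl-sni"] and len(words) == 4:
            bindings.append((vserver, words[3]))
    return profiles, bindings

def lint_sni(config):
    """List ssl-sni bindings whose profile is undefined or lacks sni-servername."""
    profiles, bindings = parse(config)
    findings = []
    for vserver, name in bindings:
        if name not in profiles:
            findings.append(f"{vserver}: ssl-sni profile {name} is not defined")
        elif not profiles[name]:
            findings.append(f"{vserver}: ssl-sni profile {name} has no sni-servername")
    return findings

if __name__ == "__main__":
    for finding in lint_sni(SAMPLE):
        print(finding)
```

The parser works on flat as well as indented text, because it tracks blocks by their opening keywords rather than by indentation.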