Forum Discussion

Yoda_34023
Sep 19, 2006

Associate multiple certificates to a single VIP which in turn is associated to multiple pools.

I have a challenge for the forum. I currently have an LTM which hosts a single https site (client to server). The LTM passes the traffic on to the server as an http session.

What I want to do is add more https sites on to the LTM which belong to the same client, but use the same VIP to keep the IP allocation down.

This is where I think the iRules come in. Ideally I want the LTM to allocate a certificate to the VIP based on incoming URI, which then sends the traffic on to the relevant http pool.

Example:

Sites:
www.abc.com
dev.abc.com

DNS:
www.abc.com A 1.2.3.5
dev.abc.com CNAME www.abc.com

LTM:
Virtual Server = 1.2.3.5
Pool1=Server1,Server2
Pool2=Server3,Server4

Certs:
cert1 = www.abc.com
cert2 = dev.abc.com

Logical:
If URI = www.abc.com then use cert1 and allocate to pool1
If URI = dev.abc.com then use cert2 and allocate to pool2

  • hoolio
    Hi,

    This has been pondered quite a few times, but in the end it's not practical to use multiple certs on the same VIP, due to the fact that you need to be able to inspect the HTTP host header to know which host the request is being made to (and in order to inspect the HTTP content, you need to have already terminated the SSL using the cert).

    You could either use a wildcard cert if the certs are all on the same domain, or use multiple VIPs with one cert each.

    For more details on this try searching the forums for 'multiple ssl cert' or something similar.

    Aaron
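
The wildcard-certificate option from the reply above, sketched as an iRule. This is an added example, not code posted in the thread; it assumes the virtual server's client SSL profile already carries a wildcard certificate covering both hostnames and that the pools are named Pool1 and Pool2 as in the question.

```tcl
# Added example, not from the thread.
# Assumptions: a wildcard certificate for *.abc.com is set on the client SSL
# profile (outside this iRule); Pool1 and Pool2 exist as named in the question.
when HTTP_REQUEST {
    # HTTP_REQUEST fires only after SSL has been terminated, so the certificate
    # has already been presented by the time the Host header can be read.
    # Strip any ":port" suffix and normalise case before matching.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "www.abc.com" { pool Pool1 }
        "dev.abc.com" { pool Pool2 }
        default {
            # Unknown or missing Host header: do not fall through to a default pool.
            log local0. "Rejected request with unexpected Host header from [IP::client_addr]"
            reject
        }
    }
}
```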