Building a proxy to reach out to an internet based SSL server

Question

What we would like to do is setup a VIP in BIG-IP that will accept HTTP requests from the client, and forward those requests to an HTTPS internet server.
The SSL Handshake is incomplete.  The Client Hello occurs but there is no Server Hello.&nbsp;
1) The virtual has an iRule to rewrite the host name on HTTP_REQUESTs (proxy.local.domain.ca ==&gt; site.domain.name.ca)
2) The CN on the cert returned (ssl2016.domain.name.ca), when going directly to the site, does not match the Host in the request (site.domain.name.ca).&nbsp;
Can we accomplish this?&nbsp;
Patrick&nbsp;

brad_parker · Answer

If the site you are connecting to requires SNI that could be causing your observed behavior.  If that is the case you will have to look into using a server SSL profile that has the Server Name property defined for the site you are trying to connect to.&nbsp;
https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14806.html&nbsp;

Forum Discussion

Building a proxy to reach out to an internet based SSL server

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Post-Quantum Cryptography: Building Resilience Against Tomorrow’s Threats

Home Lab Server Build Using an Intel NUC and Free VMware ESXi 7

Building a lab using Proxmox

NGINX Virtual Machine Building with cloud-init

Building a Secure Application DMZ with F5 Distributed Cloud and Equinix Network Edge

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS