Forum Discussion

raphael_norber1
Sep 11, 2006

Cert Problem

I'm not sure if there is a solution to my issue, but Support suggested there might be an iRule solution. Basically I am attempting this:

    when HTTP_REQUEST {
        # HTTP::host returns only the Host header value, with no scheme
        if { [HTTP::host] equals "www.domain1.com" } {
            set ::redirect_uri ""
            HTTP::redirect https://domain2.com
        }
    }

domain1 and domain2 have the same VIP. They need to have the same IP addy, due to a number of clients who have the IP address hard-coded into their proxy servers, and we don't want them to have to change the IP address. The redirect works fine, but the clients are getting a cert warning due to the hostname mismatch. So my question is: is there a way to do the redirect somehow before the SSL handshake? I do have a cert for domain2, so if I could somehow stop the SSL handshake before the redirect, that would work, or, if I could somehow associate multiple certs with a single VIP, that would work also. Any ideas would be greatly appreciated.

  • Colin_Walker_12
    Historic F5 Account
    This type of chicken-and-egg SSL cert question has been asked a few times before. If you search the forums you'll probably find a couple of different discussions related to similar topics.

    The short answer is, no, there isn't a way to read the information in the HTTP headers before the SSL handshake has occurred, so you won't be able to see what the hostname is without first decrypting the data. At this point, you've already exchanged the cert, and the user has seen an alert if they are prompted to accept a cert for a different domain.

    Colin
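
The ordering problem in this thread, as an added example that is not part of the original posts and not F5 code: the parser below reports which hostname, if any, a server can read from a client's first bytes, which is all it has when it must pick a certificate. It goes beyond the thread by also handling the TLS `server_name` ClientHello extension (RFC 6066), which the thread does not mention; the function names and sample messages are constructed for illustration.

```python
import struct

def build_client_hello(server_name=None):
    """Constructed sample: minimal TLS ClientHello record, optional server_name."""
    ext = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry              # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni              # extension type 0
    body = (b"\x03\x03" + bytes(32)      # client_version, 32-byte random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x00\x2f"        # one cipher suite
            + b"\x01\x00")               # null compression only
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def hostname_before_certificate(first_flight):
    """Hostname readable from the client's first bytes, or None if there is none."""
    if first_flight[:1] != b"\x16":      # not a TLS handshake record: plaintext HTTP
        for line in first_flight.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                return line[5:].strip().decode("ascii")
        return None
    p = 5 + 4 + 2 + 32                   # record hdr, handshake hdr, version, random
    p += 1 + first_flight[p]             # skip session_id
    p += 2 + int.from_bytes(first_flight[p:p + 2], "big")   # skip cipher_suites
    p += 1 + first_flight[p]             # skip compression_methods
    if p >= len(first_flight):
        return None                      # no extensions: no hostname on the wire yet
    end = p + 2 + int.from_bytes(first_flight[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", first_flight[p:p + 4])
        if etype == 0:                   # server_name: list len(2), type(1), name len(2)
            nlen = int.from_bytes(first_flight[p + 7:p + 9], "big")
            return first_flight[p + 9:p + 9 + nlen].decode("ascii")
        p += 4 + elen
    return None

if __name__ == "__main__":
    plain = b"GET / HTTP/1.1\r\nHost: www.domain1.com\r\n\r\n"   # constructed request
    print("plaintext HTTP     :", hostname_before_certificate(plain))
    print("TLS, no extension  :", hostname_before_certificate(build_client_hello()))
    print("TLS, server_name   :",
          hostname_before_certificate(build_client_hello("www.domain1.com")))
```

On an HTTPS listener the Host header only exists inside the encrypted stream, so the middle case leaves the server nothing to choose a certificate by.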