Forum Discussion

fcocquyt_104704's avatar
fcocquyt_104704
Icon for Nimbostratus rankNimbostratus
Jul 12, 2013

Certificate not trusted in when redirect URL

Hello,     I'm trying to redirect an URL.   So for example when www.mcneilonline.co.uk is typed, I need this to go to mcneilonline.co.uk   This is working for both http://www.mcneilonli...
application delivery
dev
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 12, 2013

You can alternately not have any client or server SSL profiles on the virtual server and just let the SSL pass directly through to the server. As long as 1) the host name the client is asking for is in the server's certificate (subject or subject alt name), and 2) the certificate is trusted by the client, you should be good to go.

 

 

The downside of the above approach is that you lose the layer 7 flexibility on the BIG-IP for this traffic (HTTP iRules, cookie persistence, etc.). Your better bet, as Nitass shows, is to terminate the SSL on the BIG-IP (and optionally re-encrypt but not absolutely necessary). This requires you to put the server's certificate and key on the BIG-IP and assign them to the client SSL profile used by the virtual server. If you must re-encrypt, you can most likely just apply the generic serverssl profile to the virtual server as well.