Forum Discussion
Certificate server name issue--wildcard certificate
Hello all,
I have one virtual server, and I have a policy behind it that redirects to multiple pools. The problem is that my customer requested a certificate for a few applications and requested it as wildcard.xyz.com. However, the application has two DNS records, xyz.com and www.xyz.com. Of course, when I call the page as xyz.com, I get a certificate error (not a secure connection).
Here, my policy record is as follows: if the host "xyz.com or www.xyz.com" is owned by the host, redirect the traffic to the xyz-pool.
I wrote a redirect iRule to overcome this, but it didn't work.
The rule is like this:
    when HTTP_REQUEST {
        if { [HTTP::host] equals "xyz.com" } {
            HTTP::redirect "https://www.xyz.com[HTTP::uri]"
        }
    }

Does anyone have any ideas or suggestions?
Thank you in advance for your answers.
- zamroni777Nacreous
It is better to use a local traffic policy, for better performance and to avoid typos.
- Aswin_mkCumulonimbus
Can you try this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "xyz.com" } {
            HTTP::redirect "http://www.xyz.com"
        }
    }

Also, if you are creating a certificate, you can add all the required field names as SANs in the certificate signing request and use it in the SSL profile.
- OzzyCirrus
It does not work, for both pieces of advice! Because certificates work at layer 6, we could not directly manipulate layer 6 with F5. If someone has a special trick...
- zamroni777Nacreous
You need to have a trusted certificate for both xyz.com and "www.xyz.com".
Without that, the browser won't make a TLS session with xyz.com, and hence will also never send an L7 HTTP request to xyz.com. If you don't have a trusted certificate for xyz.com, then you won't be able to make a browser-trusted SSL server on that hostname.
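
The name-matching rule behind the replies above, as an added example that is not part of the original thread or F5's code: a wildcard in a certificate's SAN list stands for exactly one left-most label, so it covers www.xyz.com but not the bare xyz.com. The SAN lists are constructed and assume the certificate in question carries `*.xyz.com`; the function names are hypothetical.

```python
# Added example: RFC 6125-style matching of a requested hostname against the
# dNSName entries (SANs) of a certificate. All sample values are constructed.

def _match_one(pattern, host):
    """Return True if a single SAN dNSName pattern covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a complete left-most label may be a wildcard, and it needs at
        # least two fixed labels after it (this rejects patterns like "*.com").
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    # A "*" in any other position is treated as an invalid pattern.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def cert_covers(san_dns_names, host):
    """True if any SAN entry of the certificate covers host."""
    return any(_match_one(p, host) for p in san_dns_names)


def uncovered_hosts(san_dns_names, hosts):
    """Hostnames clients use that would fail certificate verification."""
    return [h for h in hosts if not cert_covers(san_dns_names, h)]


# Constructed SAN lists: the wildcard-only certificate assumed from the
# thread, and a reissued certificate that also lists the apex name.
WILDCARD_ONLY = ["*.xyz.com"]
WILDCARD_PLUS_APEX = ["*.xyz.com", "xyz.com"]
SITE_HOSTS = ["xyz.com", "www.xyz.com"]

if __name__ == "__main__":
    print("wildcard only, uncovered:", uncovered_hosts(WILDCARD_ONLY, SITE_HOSTS))
    print("wildcard + apex, uncovered:", uncovered_hosts(WILDCARD_PLUS_APEX, SITE_HOSTS))
```

Running the same check against the SAN list of a CSR before it is submitted shows whether every DNS record pointing at the virtual server is covered.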