Forum Discussion

Ozzy
Sep 10, 2024

Certificate server name issue--wildcard certificate

Hello all,

I have one virtual server, and I have a policy behind it that redirects to multiple pools. The problem is that my customer requested a certificate for a few applications and requested it as wildcard.xyz.com. However, the application has two DNS records, xyz.com and www.xyz.com. Of course, when I call the page as xyz.com, I get a certificate error (not a secure connection).
Here, my policy record is as follows: if the host "xyz.com or www.xyz.com" is owned by the host, redirect the traffic to the xyz-pool.

I wrote a redirect iRule to overcome this, but it didn't work.
The rule is like this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "xyz.com" } {
            HTTP::redirect "https://www.xyz.com[HTTP::uri]"
        }
    }

Does anyone have any ideas or suggestions?

Thank you in advance for your answers

  • It does not work, for both pieces of advice, because certificates work at layer 6. We could not directly manipulate layer 6 with F5. If someone has a special trick...

    • zamroni777

      You need to have a trusted certificate for both xyz.com and "www.xyz.com".
      Without that, the browser won't make a TLS session with xyz.com and hence will also never send an L7 HTTP request to xyz.com.

      If you don't have a trusted certificate for xyz.com,
      then you won't be able to make a browser-trusted SSL server on that hostname.

  • Can you try this

     

    when HTTP_REQUEST {
      # Redirect requests for the bare domain to the www hostname
      if { [HTTP::host] equals "xyz.com" } {
        HTTP::redirect "http://www.xyz.com"
      }
    }

     

    Also, if you are creating a certificate, you can add all required field names as SANs in the certificate signing request and use it in the SSL profile.
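
The replies above come down to which hostnames the certificate's SAN entries cover. The following is an added example, not part of the original thread and not F5 code: a simplified version of the hostname check a TLS client performs, assuming the requested wildcard certificate carries the SAN `*.xyz.com`. The function names and SAN lists are constructed for illustration.

```python
# Added illustration: simplified dNSName matching in the style of RFC 6125.
# Real clients apply further rules (public-suffix checks, IDNA handling).

def _labels(name):
    # Hostnames are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, host):
    """Return True if one SAN dNSName entry covers the requested host."""
    p, h = _labels(pattern), _labels(host)
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Only the whole leftmost label may be a wildcard, and at least two
        # literal labels must follow it (so "*.com" is never accepted).
        rest_is_literal = not any("*" in label for label in p[1:])
        return len(p) >= 3 and rest_is_literal and p[1:] == h[1:]
    # Partial wildcards such as "w*.xyz.com" are rejected in this sketch.
    return "*" not in pattern and p == h

def uncovered(hosts, sans):
    """Hosts a client would reject because no SAN entry matches them."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Constructed inputs: the two DNS names from the thread and assumed SAN lists.
SITE_HOSTS = ["xyz.com", "www.xyz.com"]
WILDCARD_ONLY = ["*.xyz.com"]
WILDCARD_PLUS_APEX = ["*.xyz.com", "xyz.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label, "-> not covered:", uncovered(SITE_HOSTS, sans))
```

Running the same check against the SAN list of a planned CSR before submitting it shows whether every DNS record pointing at the virtual server will pass name validation.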

  • It is better to use a local traffic policy for better performance and to avoid typos.