Forum Discussion
Nimbostratusclient and server ssl
Hi i'm using clien ssl with wildcart certification and 20 url's pointed same ip, i'm using irules to divert the traffic based on uri,
now i want to use server ssl with same virtual server for only 3 url's out of 20 url's, can someone let me know the possible options for the request.
12 Replies
Thomas_Gobet_91Cirrostratus
Hi,
As server side SSL are not in the same event that client side ones, you have to define a flag to set or not server side ssl utilisation.
Here is an example :
when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/nossl" { pool abc_pool_https } "/serverside" { set doSSL 1 pool xyz_pool } } } when SERVER_CONNECTED { if { $doSSL == 1 }{ SSL::enable serverside SSL::profile your_SSL_Wilcard_Serverside } }
Satyanarayana_Bi need to configure multiple irules and map to same virtual server?- Satyanarayana_Bdo we need install any additional license for server ssl?
Thomas_GobetHi,
As server side SSL are not in the same event that client side ones, you have to define a flag to set or not server side ssl utilisation.
Here is an example :
when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/nossl" { pool abc_pool_https } "/serverside" { set doSSL 1 pool xyz_pool } } } when SERVER_CONNECTED { if { $doSSL == 1 }{ SSL::enable serverside SSL::profile your_SSL_Wilcard_Serverside } }- Satyanarayana_Bi need to configure multiple irules and map to same virtual server?
- Satyanarayana_Bdo we need install any additional license for server ssl?
- Thomas_Gobet_91
You can define multiple iRules or you can use only one.
It depends on what is your criteria.Are URI the same on every URL ?
- Satyanarayana_Bfor 1 to 15 URL i need client ssl and 16 to 20 URl's i need to client and server ssl both, all url's configured with single ip in DNS.
- Thomas_Gobet
You can define multiple iRules or you can use only one.
It depends on what is your criteria.Are URI the same on every URL ?
- Satyanarayana_Bfor 1 to 15 URL i need client ssl and 16 to 20 URl's i need to client and server ssl both, all url's configured with single ip in DNS.
- Thomas_Gobet
If you want to apply server ssl for some of your URL, you need to use switch condition.
Your iRule will look like that :
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "host.ssl.wanted" { switch [string tolower [HTTP::uri]] { "/nossl" { pool nossl } "/serverside" { set doSSL 1 pool pool_ssl_wanted } } } "host.ssl.unwanted" { pool pool_serverside_nonssl } } } when SERVER_CONNECTED { if { $doSSL == 1 }{ SSL::enable serverside SSL::profile your_SSL_Wilcard_Serverside } } - Thomas_Gobet
Serverssl is included with LTM licence.
So you don't need to buy anything else.
