F5 redirect

Question

Hi!I have 2 F5s active standby cluster&nbsp;BIG-IP 16.1.3 build 0.0.12 and I have a VServer called: xyz.acme.com:443.It's public internet facing, with public cert imported as a server profile - works fine.Now I got a request to have this VServer under 2 urls:xyz.acme.comz.acme.comWe did DNS alias - this works fine but&nbsp;I have cert only for the first one.The business does not want to buy another cert for the 2nd url if possible (let's encrypt, and other like this are out of the question).Is it possible to do redirect from z.acme.com to xyz.acme.com without buying new cert?

mihaic · Answer

I don't think it will work ,as you said you have a cert only for the first domain.
You probably need a wildcard cert for *.acme.com
or a SAN certificate.

paulius · Answer

shadow82 If the connection you are attempting to redirect will arrive on HTTPS then you have no way of redirecting this connection without an SSL error being displayed to the end user for the FQDN missmatch in the SSL certificate that you have installed on the F5.

ca_valli · Answer

I agree with other MVP's here, SSL will see SNI mismatch at handshake time and return a warning.
You need to import a wildcard certificate (which you might already have bought) , or to renew xyz.acme.com with z.acme.cm as the SAN, or to request z.acme.com cert (and in this case, you also need to configure two clientSSL profiles on the BIG-IP)

Forum Discussion

F5 redirect

3 Replies

Recent Discussions

Viprion files on blades.

The best load balance method on this scenario?

Could not connect to SMTP host.

redirect not working

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

iRule assistance for subfolder redirect

Redirection with datagroup and irule

Replace path in redirect

iRule redirect based on hostname

Multiple URIs redirect to single URL