For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Festus_50639's avatar
Festus_50639
Icon for Nimbostratus rankNimbostratus
Mar 02, 2009

GTM or LTM to redirect? That is the question.

Hello all,     I'm in a bit of a sticky wicket trying to get to the end point in solving what seems to be a fairly simple issue.     In our environment, we have both GTMs and...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 02, 2009
Wildcard certs may not actually cover site.com and www.site.com. You may need to specifically request this. Subject Alternate Names should allow you to use both instances though:

 

 

 

http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=33441&ptarget=33462

 

 

For the HTTPS VIP, you're limited to supporting one certificate for one VIP. So if clients did make an HTTPS request using a hostname that didn't match the cert, they would get a cert mismatch error before you would be able to redirect them to a new location. You may be able to get a cert valid for all subdomains on your domain (a wildcard cert valid for *.example.com) or you could get a cert valid for multiple hostnames on different domains using subject alternate names (SANs). Try searching the forums here for SAN SSL or subject alternate name for some more information and links.

 

 

It would be more ideal to avoid clients making requests via HTTPS to different hostnames that resolve to the same IP address.

 

 

 

 

Aaron