HOW TO ASSOCIATE TWO SSL PROFILES TO A VIRTUAL SERVER

Posted By kky on 2/04/2007 6:00 AM

 

 

Hi Maria,

 

 

you can use irule to bind a single virtual with 2 ssl profile using SSL::profile command. Below is one of the example, happy trying.

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] contains "ahorron.com" } {

 

SSL::profile ahorron_profile

 

}

 

elseif { [HTTP::host ] contains "test.com"} {

 

SSL::profile test_profile

 

}

 

}

 

 

regards,

 

 

 

This won't work. SSL::profile isn't available in an HTTP_REQUEST context. By the time you get to the completed HTTP_REQUEST, the profile has already been selected.

 

 

SSL::profile is available in CONNECTION_ACCEPTED and other contexts, but the HTTP::* stuff isn't. It's a bit of a chicken and egg problem.

 

 

You need the hostname to help select the profile, but you can't select the profile after you get the hostname.

 

 

I'm working on this exact same issue right now. I don't know that it's solvable via the current iRule implementation, but I would think this is a common enough issue for F5 to address.

 

 

We run a lot of websites off of one VIP, using name based configurations. We can't provide true SSL for those websites until this is resolved.