How to require SSL certificate for a single host header

Question

Hope some one can help.  
&nbsp;  
&nbsp; What we have to day is a single VIP with the SSL Client profile certificate set to ignore. The current i-rule handles three host headers. Moving forward we want to require the client certificate on example1 and example2 host headers and leave example3 at ignore. 
&nbsp;  
&nbsp; Here is the current i-rule. 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;    if { ( [string tolower [HTTPS::host]] contains "example1.com"  ) }  {  
&nbsp;         pool  example1  
&nbsp;         } elseif { ( [string tolower [HTTPS::host]] contains "example2.com"  ) }  {  
&nbsp;         pool example2 
&nbsp;         } elseif { ( [string tolower [HTTPS::host]] contains "example3.com"  ) }  { 
&nbsp;         pool example3 
&nbsp;         } 
&nbsp;    else { discard } 
&nbsp; }

dennypayne · Answer

The example in the wiki for SSL::renegotiate looks like it has similar logic to what you'd need.  (Click here) 
&nbsp;    
&nbsp;  Denny

colin_walker_12 · Answer

To change profile options in an iRule you're going to have to swap between profiles.  Denny's suggestion is a good one, check out the renegotiate command. 
&nbsp;  
&nbsp; Colin

Forum Discussion

How to require SSL certificate for a single host header

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Help F5 Transform the BIG-IP Administrator Certification

Introducing the single Installation script for F5 NGINX Instance Manager

Re: Management Certificate

CNAME redirection to GTM certificate SAN requirement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS