F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

vinceKahn_97184's avatar
vinceKahn_97184
Historic F5 Account
Dec 05, 2007

https cert redirect

I'm trying to solve the following invalide cert use case:     Cert's issued to "www.foo.com"   User types url "https://foo.com"     I figured out how to redirect the request to "https:/...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 05, 2007
Hi,

 

 

If the client makes a request to the virtual server over HTTPS with a host header value that doesn't match the cert's CN, they'll get the browser prompt to accept the mismatched cert. There isn't anything you can do to eliminate that.

 

 

You could get a wildcard cert which is valid for *.foo.com.

 

 

Or you could try to eliminate the scenarios whereby a user would make a request to the HTTPS VIP with the wrong Host header value.

 

 

If the client is first making a request via HTTP to a VIP address, you could redirect them to the correct host via HTTPS (https://www.foo.com). They wouldn't get the cert warning then.

 

 

Aaron