Forum Discussion
Paul_Rodriguez1
Nimbostratus
NimbostratusiRule needed HTTP uri and multiple SSL profiles on a single VIP
I have the need for a irule that can take uri and match to specific SSL profile using the same VIP and dropping in the same pool. Traffic comes in 443 and goes to pool with IIS bound to port 80. Websites are hosted on IIS server using multiple completely different domain names while using host headers. BigIP 6900 10.2.0 HF2
We are new to F5's and so would appreciate the assistance. This is my first time using this service.
multiple different domains
multiple Certs loaded on the F5 corresponding to different domain names
single VIP being used internally (at externally facing at this time.
multiple SSL profiles created corresponding to the Different Certs.
needs to pass URI to IIS using the correct Certificate and/or SSL profile.
Windows 2008 R2 servers using IIS
Please let me know if there is anything I should add that I may have left out.
Thanks, Paul
- Chris_Miller
Altostratus
Paul - the problem here is that you need to decrypt the request before you can see the requested Host/URI. So, by the time you're looking at the URI, your SSL profile has already been used. 
hooleylistCirrostratus
In the (near?) future, you could use TLS SNI for this. For now, you can only reasonably support one SSL cert per virtual server. See these threads for more info:
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/afv/topic/aft/1176492/aff/31/showtab/groupforums/Default.aspx1200470
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1174596/aff/5/showtab/groupforums/Default.aspx
Aaron
