Forum Discussion

Simon_Poirier_7's avatar
Simon_Poirier_7
Icon for Nimbostratus rankNimbostratus
Oct 12, 2011

iRule to have 2 SSL Cert on 1 virtual server

Hi,

 

 

I'm trying to get one virtual server to respond with 2 different certificats depending on the domain type by the user

 

 

here what I have but it didn't work

 

 

when HTTP_REQUEST {

 

$dom = [HTTP::host]

 

}

 

when CLIENT_ACCEPTED {

 

if { $dom equals "webmail.domainone.com" } {

 

SSL::profile ucc_webmail.domainone.com

 

} elseif { $dom equals "webmail.domaintwo.com" } {

 

SSL::profile ucc_webmail.domaintwo.com

 

}

 

}

 

 

I would really appreciate any help on that

 

 

Thanks

 

Simon

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • Peter_72728's avatar
    Peter_72728
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2011
    Simon,

     

     

    I think at least part of the reason it's not working is that the Client_Accepted event fires before the HTTP_Request event. So, your dom variable hasn't been set when your conditional is executed.

     

     

    Take a look at this post for more details on the event order.

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/344/iRules-Event-Order.aspx

     

     

     

    Peter

     

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2011
    Hi Simon,

     

     

    Look at this thread. It is a discussion similar to what you are wanting with some additional considerations and another pointer to and iRule example, but you might be better off with a Multi-SAN SSL Certificate.

     

     

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1178701/showtab/groupforums/Default.aspx

     

     

    Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin Walker

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx

     

     

    Hope this helps.