Forum Discussion

RecontuerSG_258's avatar
Historic F5 Account
Jun 15, 2017

iRule to Redirect autodiscover traffic

Dear all,

the SSL certificate in my current virtual server points to and not

I would like F5 to redirect from to in hopes to eliminating the SSL security warning popup from Outlook clients as seen below. Is that possible?

I tried this iRule but it wasn't working, still prompts warning. I believe Outlook client is using HTTPS traffic to contact the mail server?

    if { [string tolower [HTTP::host]] ends_with "" } {
        HTTP::redirect ""

6 Replies

  • which SSL certificate you have installed on VIP "". Its looke like VIP is not using valid SSL certificate, so returning error. Plz click on view Certificates of & paste here.


    iRule will not redirected traffic to other VIP until valid cert or other option to bypass client cert.


    • DavisLi's avatar
      Icon for Employee rankEmployee

      There is no certificate for Only is attached a SSL Client Profile in the VS listening for exchange traffic. Is there a way not to buy abccommodities certificate because company has 10 over subsidiary names but all pointing to the same Exchange server cluster.


    • Samir_Jha_52506's avatar
      Icon for Noctilucent rankNoctilucent

      Either option to click Yes all time or attach valid ssl certificate to vip.


      Other option(not recommended) apply redirection on http vip.


    • DavisLi's avatar
      Icon for Employee rankEmployee

      Redirect from HTTPS to HTTP or HTTP to HTTPS? Exchange backend only accepts HTTPS.


      If without SSL certificates, can this issue be resolved? Exchange team was saying previously when they used Microsoft's Threat Management Gateway (TMG), there was some redirection features inside TMG and they never had SSL certificates.


      With F5 in the picture to replace TMG, they were expecting F5 to do the same.


      I still can't understand how TMG does it without proper certificates because TMG is just an SSL terminator but still needs certificate/private key right?


    • DavisLi's avatar
      Icon for Employee rankEmployee

      It seems there is no other way other than meddling with customer's DNS or have customer to provision multiple SSL-Certs with the appropriate common name and add them into one virtual server.


      When the client access one https site, client knows the hostname of the site. During SSL handshake, the server provide the certificate. If the CN in the server certificate does not match the hostname, the client will definitely get the certificate warning. HTTP redirect cannot fix the issue, as the certificate warning is in the first connection.


      If one virtual server can provide the service for multiple HTTPS sites and provided customer can provision different SSL-Cert with its common names, the following article can help: K13452: Configuring a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature (