Forum Discussion
John_Klemm_4418
Nimbostratus
Oct 21, 2006
Irule
Is there an irule that will pull up different SSL certs? For instance, if I do not have a wildcard cert, can I create a rule and apply it to my VIP so that if traffic is coming in destined for a certain URL then the irule will bring up the correct cert?
I am a newbie and I appreciate everyone's help. I do not want to bug you guys too much.
3 Replies
- hoolio
Cirrostratus
In order to select which cert to present you would need to have access to the HTTP host header in the client request. In order to inspect the HTTP content in a request, you'd need to have already presented the SSL certificate.
In short, you either need to have a separate IP:port available for each unique SSL FQDN or you need a wildcard cert that matches the domain or subdomains of all FQDNs you want the VIP to answer for.
So if you have a few sites with the following FQDNs:
a.b.c.mydomain.com
x.y.z.mydomain.com
You would need a wildcard cert for *.mydomain.com. If a part of the subdomains matched, you could get a more specific wildcard cert. For example, *.c.mydomain.com would work for these two FQDNs:
a.b.c.mydomain.com
x.y.c.mydomain.com
Hope this helps,
Aaron
- John_Klemm_4418
Nimbostratus
I figured this was the answer. The problem is upper management; their understanding is less than mine on these Big-IP machines. I appreciate everyone who has given me guidance here over the past few days and hopefully I have worn my welcome out.
- John_Klemm_4418
Nimbostratus
I will be fighting for a wildcard cert tomorrow. I appreciate everyone's help.
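
An added example, not part of the original thread: a check to run over the FQDNs a VIP answers for before ordering a certificate, listing which wildcard names cover which hosts. It assumes RFC 6125 matching as applied by common TLS clients, where `*` is accepted only as the whole left-most label and stands for exactly one label; the function names are hypothetical.

```python
# Added example: hostname-to-certificate-name matching per RFC 6125.
# Assumption: "*" is honoured only as the entire left-most label and
# replaces exactly one label of the requested host name.

def name_matches(cert_name: str, host: str) -> bool:
    """Return True if a certificate name (exact or wildcard) covers host."""
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels) or "" in labels:
        return False
    if pattern[0] == "*":
        # One label only, and at least two fixed labels after the wildcard.
        return len(pattern) >= 3 and pattern[1:] == labels[1:]
    if "*" in cert_name:
        return False  # partial or non-leftmost wildcards are rejected
    return pattern == labels


def covering_wildcard(host: str) -> str:
    """Wildcard name that covers host: '*' in place of its first label."""
    parent = host.lower().rstrip(".").split(".", 1)[1]
    return "*." + parent


def plan_names(hosts):
    """Group hosts by the wildcard name that covers them."""
    plan = {}
    for host in hosts:
        plan.setdefault(covering_wildcard(host), []).append(host)
    return plan


def uncovered(cert_names, hosts):
    """Hosts that none of the certificate's names would match."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    # FQDNs taken from the thread
    hosts = ["a.b.c.mydomain.com", "x.y.c.mydomain.com"]
    for name, covered in plan_names(hosts).items():
        print(name, "->", covered)
    print("not covered by *.mydomain.com:",
          uncovered(["*.mydomain.com"], hosts))
```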