Irule

In order to select which cert to present you would need to have access to the HTTP host header in the client request. In order to inspect the HTTP content in a request, you'd need to have already have presented the SSL certificate.

 

 

In short, you either need to have a separate IP:port available for each unique SSL FQDN or you need a wildcard cert that matches the domain or subdomains of all FQDN's you want the VIP to answer for.

 

 

So if you have a few sites with the following FQDN's:

 

 

a.b.c.mydomain.com

 

x.y.z.mydomain.com

 

 

You would need a wildcard cert for *.mydomain.com. If a part of the subdomain's matched, you could get a more specific wildcard cert. For example, *.c.mydomain.com would work for these two FQDN's:

 

 

a.b.c.mydomain.com

 

x.y.c.mydomain.com

 

 

Hope this helps,

 

Aaron