For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Klemm_4418's avatar
John_Klemm_4418
Icon for Nimbostratus rankNimbostratus
Oct 21, 2006

Irule

Is there an irule that will pull up different SSL certs. For instance, if I do not have a wildcard cert can I create a rule and apply it to my VIP so that if traffic is coming in destined for a certa...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 22, 2006
In order to select which cert to present you would need to have access to the HTTP host header in the client request. In order to inspect the HTTP content in a request, you'd need to have already have presented the SSL certificate.

 

 

In short, you either need to have a separate IP:port available for each unique SSL FQDN or you need a wildcard cert that matches the domain or subdomains of all FQDN's you want the VIP to answer for.

 

 

So if you have a few sites with the following FQDN's:

 

 

a.b.c.mydomain.com

 

x.y.z.mydomain.com

 

 

You would need a wildcard cert for *.mydomain.com. If a part of the subdomain's matched, you could get a more specific wildcard cert. For example, *.c.mydomain.com would work for these two FQDN's:

 

 

a.b.c.mydomain.com

 

x.y.c.mydomain.com

 

 

Hope this helps,

 

Aaron