Forum Discussion
AltostratusMultiple SSL certificates in the Server Side
I need help to configure a VS based on the following scenario.
1) Each node has a self-assigned certificate based on FQDN (server's hostname)
2) The service is active in one node
3) The other nodes are on standby
4) The connection between F5 and Application Server will be in HTTPS
5) The application will start the service in another node when the active node goes down
How I can configure the F5 to use a different certificate based on the application failure (when the monitor failed and the application change to another server)? In the server SSL profile should have the certificates for each server?
Thanks in advance.
TM
- Stefan_Klotz
Cumulonimbus
Hi Thiago,
in the serverside context the F5 acts as the client and doesn't interest on the validation of the server certificate (name, issuer, date). So you should be fine to simply use the parent serverSSL profile. Only on the clientside you have to use a specific clientSSL profile with an officially signed certificate matching the name of the DNS from your VS.
And regarding the "failover" of the poolmembers I see two options:
- Only the active member reacts successful on the health-check, so just this member becomes green and gets traffic. In case of an issue with the primary member, the second one becomes active and its monitor gets green.
- All members react successfully on the health-check, so you need to work with priority groups and must define the same order of the other members (in case there are more than two) as the "failover" within the application would do (if this is hopefully not a dynamic algorithm).
Ciao Stefan :)
