Forum Discussion
Thiago_Morais
Altostratus
AltostratusMultiple SSL certificates in the Server Side
I need help to configure a VS based on the following scenario. 1) Each node has a self-assigned certificate based on FQDN (server's hostname) 2) The service is active in one node 3) The other...
Stefan_Klotz
Cumulonimbus
CumulonimbusHi Thiago,
in the serverside context the F5 acts as the client and doesn't interest on the validation of the server certificate (name, issuer, date). So you should be fine to simply use the parent serverSSL profile. Only on the clientside you have to use a specific clientSSL profile with an officially signed certificate matching the name of the DNS from your VS.
And regarding the "failover" of the poolmembers I see two options:
- Only the active member reacts successful on the health-check, so just this member becomes green and gets traffic. In case of an issue with the primary member, the second one becomes active and its monitor gets green.
- All members react successfully on the health-check, so you need to work with priority groups and must define the same order of the other members (in case there are more than two) as the "failover" within the application would do (if this is hopefully not a dynamic algorithm).
Ciao Stefan :)
