For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Apr 21, 2011

multiple SSL certificates on a VS

I am trying to setup a single VS that gets traffic come from two host names let just say test1.site.com and test2.site.com, and then I am going to sort by host name to different http classes so I can apply a separate ASM policy to each site and send them to different web servers on the backend. My issue is that these are both SSL sites and I need to apply a different certificate to each site name. I was thinking I might be able to use an iRule for this but was not sure how to set it up properly. Any suggestion.

 

application delivery
dev
devops
iRules

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 21, 2011
    have u seen this one?

     

     

    Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin Walker

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 22, 2011
    Hi Mike,

     

     

    As Nitass alluded to, if you have a controlled user base and can guarantee there aren't any XP clients, you can potentially use Joel's TLS SNI iRule to present the correct cert based on which hostname the client is requesting. If that's not an option, then you could get a wildcard cert for *.site.com or get a SAN cert valid for test1.site.com and test2.site.com.

     

     

    Aaron