Forum Discussion

Mike_Maher
Apr 21, 2011

multiple SSL certificates on a VS

I am trying to set up a single VS that gets traffic coming from two host names, let's just say test1.site.com and test2.site.com, and then I am going to sort by host name to different http classes so I can apply a separate ASM policy to each site and send them to different web servers on the backend. My issue is that these are both SSL sites and I need to apply a different certificate to each site name. I was thinking I might be able to use an iRule for this but was not sure how to set it up properly. Any suggestions?

 

  • Have you seen this one?

    Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin Walker

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx
  • Hi Mike,

    As Nitass alluded to, if you have a controlled user base and can guarantee there aren't any XP clients, you can potentially use Joel's TLS SNI iRule to present the correct cert based on which hostname the client is requesting. If that's not an option, then you could get a wildcard cert for *.site.com or get a SAN cert valid for test1.site.com and test2.site.com.

    Aaron