Forum Discussion
redirect the pool based on certname
Folks
Can someone guide me through the procedure for configuring multiple certificate names to redirect to specific pools without doing any SSL offloading on the F5 VS?
I want to redirect the traffic based on the certificate name from the client side.
Any help appreciated.
- Surgeon
Ret. Employee
You cannot do it in a simple way without SSL offload. You need to create an iRule that collects TCP data, and then you can redirect based on the TCP payload.
https://devcentral.f5.com/wiki/iRules.TCP__collect.ashx
- Stanislas_Piro2
Cumulonimbus
Hi,
Do you expect that the load balancing decision is done based on client certificate?
TLS protocol is simple:
    Client                                               Server

    ClientHello                  -------->
                                                    ServerHello
                                                   Certificate*
                                             ServerKeyExchange*
                                            CertificateRequest*
                                 <--------      ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                     -------->
                                             [ChangeCipherSpec]
                                 <--------             Finished
    Application Data             <------->     Application Data
As you can see, the client doesn't send its certificate until the server requests it. If you don't want SSL offloading, the load balancing decision must be made just after the client sends the first packet, but the client certificate is sent in the 2nd client packet.
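As an added example (not part of the original posts and not F5 code), this Python code parses what the first client packet actually contains: a ClientHello with no client certificate in it. Going beyond what the thread names, the only hostname available at that point is the one in the ClientHello's server_name (SNI) extension; the sample ClientHello, the pool names and `choose_pool` are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_NAME_EXT = 22, 1, 0

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello record carrying SNI."""
    name = hostname.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name(0)
    sni = struct.pack("!H", len(entry)) + entry              # server_name_list
    exts = struct.pack("!HH", SERVER_NAME_EXT, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # version, random, empty session id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"              # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    msg = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(msg)) + msg

def inspect_first_packet(data: bytes):
    """Return (handshake_type, server_name or None) for the first client record."""
    if len(data) < 9 or data[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    msg = data[5:5 + rec_len]
    hs_type, body = msg[0], msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if hs_type != CLIENT_HELLO:
        return hs_type, None
    pos = 2 + 32                                            # skip client_version and random
    pos += 1 + body[pos]                                    # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    if pos + 2 > len(body):
        return hs_type, None                                # ClientHello without extensions
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        ext = body[pos + 4:pos + 4 + ext_len]
        if ext_type == SERVER_NAME_EXT and len(ext) >= 5 and ext[2] == 0:
            name_len = struct.unpack("!H", ext[3:5])[0]
            return hs_type, ext[5:5 + name_len].decode("ascii", "replace")
        pos += 4 + ext_len
    return hs_type, None

def choose_pool(data: bytes, pools: dict, default: str) -> str:
    """Pick a pool from the SNI hostname; `pools` is a hypothetical name-to-pool map."""
    _, name = inspect_first_packet(data)
    return pools.get((name or "").lower(), default)
```

The SNI hostname is unauthenticated client input, so it is suitable for steering traffic to a pool but not for making access decisions.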