Rule to assign different SSL Keys based on Host Header

Actually, interestingly enough it's very much possible with a little trickery. Consider the case where 10.1.2.3 maps to "internal-hr.example.com" for the HR subnet of your intranet, and that same address maps to "internal-legal.example.com" for the legal dept subnet of your company. One should be able to decide which certificate to present based on L4 decisions (source IP for example.)

 

 

Or persistence (say someone visits a VIP from which we know we always issue a redirect to a secured site, we can drop a short-lived persistence entry in the table so that we can lookup the persistence record and know which certificate to send.)

 

 

Sure, in traditional SSL deployments, this wouldn't be possible. But we pride BIG-IP on being a pretty smart-and-nifty networking device :-).