Forum Discussion

John_Klemm_4418's avatar
John_Klemm_4418
Icon for Nimbostratus rankNimbostratus
Oct 20, 2006

SSL

I have a VIP of .77 with a certificate already assigned to it. I have added two other servers that will require their own certs, how do I add additional certs to the VIP
application delivery
dev
devops
iRules
  • John_Klemm_4418's avatar
    John_Klemm_4418
    Icon for Nimbostratus rankNimbostratus
    Oct 20, 2006
    If I created another virtual server with the same ip address of .77 and assigned it the ssl certificate that I wanted would it create problems?
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Oct 20, 2006
    You would have to use a different port for each virtual server.

     

     

    The only way to support multiple hostnames on the same SSL virtual is with a wildcard cert.

     

     

    Barring that, you'll need to create multiple port 443 virtuals on differing IP addresses, and apply the appropriate cert to each.
  • John_Klemm_4418's avatar
    John_Klemm_4418
    Icon for Nimbostratus rankNimbostratus
    Oct 20, 2006
    how would I go about doing a wildcard cert??? Is this something I can self-cert on the F5. Cannot find much about this in the F5 documentation.
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Oct 21, 2006
    This thread is wandering further & further off-topic for this forum...

     

     

    You can create a self-signed cert on LTM using a Common Name of "*.domain.com".

     

    Clients will get the unknown CA warning just as they would with any other self-signed cert.

     

     

    HTH

     

    /deb

     

  • John_Klemm_4418's avatar
    John_Klemm_4418
    Icon for Nimbostratus rankNimbostratus
    Oct 21, 2006
    If i did use a common name then could I use an irule to direct traffic to 8 different sites on the same Vip? I am sorry this is getting off track for this forum if you could point me to the right one that would be great.