Forum Discussion
Skuba_85554
Nimbostratus
Nimbostratusstrange ssl question
hi
this is a bit of a strange question! hopefully it will make sense...
i know there doesn't appear to be a clean way of dynamically choosing SSL certificates via the sam...
hoolio
Cirrostratus
CirrostratusHi Skuba
I don't think what you're describing with trying to mask from the client the SSL connection between the client and the VIP would really work. If you want the client to establish an encrypted connection with the VIP, you'd need them to connect to https://... or redirect them from another URL to https://... Either way, the address bar in the browser will show where they are connected to. If the host from the address bar https://mysite.example.com/path/to/file.ext doesn't match the CN or subject alternate name on the certificate, the browser will generally show a warning.
You could use arbitrary certs on the web server(s) and have the LTM to pool connection encrypted. The client wouldn't have any insight into anything after their connection to the VIP. I don't think this solves your problem of trying to allow clients to test multiple SSL connections on a single VIP.
If they are test clients, could you install a custom root certificate in the browser which is valid for the domain you're testing on? If so, you could create your own cert which is valid for *.test.com, test.com, *.live.com and *live.com.
Aaron
