Forum Discussion
NimbostratusUse multi SSL Profiles on one Virtual Server
Hi,
We've got a Virtual server accessible throught 2 Common names (2 Urls) Only one URL is secured with Public SSL Certificate. We'd like to use a second Public SSL Certificate to the second URL to secure it.
I'm thinking of using an iRule to use SSL Profile Client X when I receive a request on URL X & use the SSL PRofile Client Y when I receive a request on URL Y.
Is it possible to do so? If not, what do you suggest me?
Thank you.
Kindest Regards,
5 Replies
- boneyard
MVP
should be possible, but you might also look into using SNI.
this SOL explains how to: http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html
natheCirrocumulus
Afraid that irule won't work well as it'll need to decrypt the SSL connection first before it sees the URL. This means an SSL profile will need to be selected first.
The only way is SNI, as boneyard said.
N
tatmotivCirrostratus
Another way (besides SNI that was mentioned above) would be creating a new certificate that contains both hostnames, one as common name (CN), the other as subject alternative name (SAN). Thus, you will not need SNI (which might not be supported by some very old legacy clients) and can simply use one virtual with one clientssl profile using one ssl cert/key pair.
Yazid_AbdesslamHello,
Thank you all for your answers,
I think I'm gonna use SNI solution proposed by Boneyard. Because I already got a Certificate for the 1st CN & I cannot add a SAN on it unfortunately.
Kindest regards,
- Yazid_Abdesslam
Hi,
The SNI worekd fine.
I'd like to thank you for your usual support & prompt replies. :)
kindest regards
