
Forum Discussion

Domai
Jun 18, 2014

VIP and Client SSL profile

Hello...My requirement is as below -

 

I have a VIP that points to Application A. This application is referred to by a CNAME rec called App1.test.com. I have a cert/key with the same name App1.test.com and this VIP is assigned client SSL using this cert. Now I need this application to be servicing a different name, App2.test.com, and that needs to be over 443 as well. I have a cert/key for App2.test.com. The question I have is: can I assign these 2 certs as client SSL profiles for the same VIP? Will that work, or should I go about creating a new VIP, using the same pool members, and assign this client SSL profile? In short, can one VIP handle 2 client SSL profiles?

 

Thank you

 

4 Replies

  • A VIP can be associated to a single client SSL profile and a single server SSL profile.

     

    But you can try to get a wildcard certificate *.test.com, associate it to the virtual server and have a DNS record for that virtual server IP pointed to both app1.test.com and app2.test.com.

     

  • In my case a wildcard cert would not work, since I have 2 diff DNS names like App1.test.com and App2.abc.com. I just mentioned the above in my initial question as an example. But anyway, I get the pic: we cannot use multiple client SSL mapped to a single VIP, right?

     

  • You could potentially do it using TLS SNI if you could make it work in your environment:

     

    http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html