Forum Discussion

Tom_Freeman_933's avatar
Tom_Freeman_933
Icon for Nimbostratus rankNimbostratus
Aug 20, 2009

Wildcard SSL certs and the 4.5.x OS

I have an older 2400 load balancer running 4.5.13-Build86b, and I will be migrating to Wildcard SSL certs hosted on the BigIP in the near future. In my current config, I'm handling SSL at the individual webserver. I've been scanning through documentation and searching the forum, but I can't seem to find what I'm looking for.

 

 

2 Questions:

 

- Will the 4.5.x OS's support a Wildcard SSL cert?

 

- Can I effectively host SSL certs on a BigIP that does NOT have the SSL accelerator card?

 

 

I only need to host 2-5 SSL certs for a short period of time before I will be migrating to a 3400 running a 9.3.x OS.

 

 

Much thanks!

 

Tom F.
dev
devops
iControl
v4
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Aug 24, 2009
    Hi Tom,

     

     

    If you don't get an answer here, you might try posting in the advanced config section. From what I remember, 4.5 would support a wildcard cert, but you might have to use openssl to generate the CSR and the GUI might not have allowed * in the cert subject. SOL3395 (Click here) seems to suggest that there shouldn't be any problem. Maybe I'm remembering something incorrectly or for an older version.

     

     

    I thought the 2400 came with an SSL accelerator card as standard. Are you sure there isn't one? I'm not sure what kind of performance you could expect if you were to do all SSL handshakes in software. Maybe someone else can comment on this.

     

     

    Aaron
  • Tom_Freeman_933's avatar
    Tom_Freeman_933
    Icon for Nimbostratus rankNimbostratus
    Aug 24, 2009
    Thanks much Aaron. Our 2400's may have the card - I just assumed that since we weren't using them for SSL in the past, that option wasn't installed. I had an older model BigIP at a previous job, and we had to purchase and install the SSL cards in those units, so I was (hopefully incorrectly) assuming that these were the same.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Aug 24, 2009
    This solution on platforms indicates the 2400 came with an SSL card by default. I think only the old 4U units had the SSL card optional.

     

     

     

    https://support.f5.com/kb/en-us/solutions/public/5000/100/sol5153.html

     

     

    Platform: D44

     

    Models BIG-IP 2400

     

    Form Factor 2U

     

    Host Board Tyan 2765 Rev 7A

     

    Processor Dual PIII 1.266GHz

     

    Dual PIII 1.4GHz

     

    SSL Card Broadcom 5822 SSL Chip

     

     

     

     

    Aaron