Multiple Certs, One VIP: TLS Server Name Indication via iRules

An age old question that we’ve seen time and time again in the iRules forums here on DevCentral is “How can I use iRules to manage multiple SSL certs on one VIP"?”. The answer has always historically...
Published Apr 05, 2011
Version 1.0
adn
application delivery
availability
BIG-IP
code
dev
devops
disaster recovery
iRules
management
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Apr 05, 2011
Nice article and a great Codeshare contribution...

 

 

You could eliminate the need for the datagroup mapping hostnames to client SSL profile names if you name the client SSL profile with the hostname it in. In other words, you would assume for a hostname of:

 

 

www.example.com -> www.example.com_clientssl

 

host1.example.com -> host1.example.com_clientssl

 

mail.example.com -> mail.example.com_clientssl

 

 

Aaron