Name Based Virtual Hosting with LTM

We get a lot of posts about the best way to use LTM for name based virtual hosting: Conserving routable IP addresses by hosting multiple websites on the same virtual server and load balancing request...
Published Nov 29, 2007
Version 1.0
BIG-IP
news
tech tip
virtualization
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Dec 06, 2007
Good question.

 

 

Only one clientssl profile can be applied to the virtual server. and even if we could dynamically call different profiles, the Host header is not seen until after the cert/key exchange takes place -- too late to decide which one to use.

 

 

For multiple hostnames in the same domain, a wildcard certificate is the best solution to this conundrum.

 

 

For disparate domains (like those I used in my example), there really isn't a foolproof way to do that. If sessions will originate via HTTP then redirect to HTTP, there's an interesting post suggesting a workaround here:

 

http://devcentral.f5.com/default.aspx?tabid=53&view=topic&forumid=5&postid=3071

 

 

HTH

 

/deb