cancel
Showing results for 
Search instead for 
Did you mean: 

Client Certificate Management when using VIP targeting VIP

PSFletchTheTek
Cirrocumulus
Cirrocumulus

Hi All,

So i'm moving from a malware focused reverse proxy fronting our web service to the f5 to improve delivery.

But there is one feature i am struggling to reproduce, which is different client certificates being definded when different host names are presented.

So i have a VIP targetting VIP setup, and the cert on that front vip is doing all of the certificate management rather than the client certs on the virtual servers behind that front VIP. (looks like its designed that way, i'm sort of asking to check!)

Is there anyway way to say

IF hostname = server1.mydomain.com - assign server1.cert
IF hostname = server2.mydomain.com - assign server2.cert.

This is just how the older rev proxy we are taking out worked, but i can't find a way to reproduce this.

i can't say this is a major issue at the moment, no one has really noticed BUT i'm amazed the simple proxy we did have has this feature and the f5 can't match it! (And as per normal better it!)
Any ideas? Ta - Fletch

3 REPLIES 3

Hello. 

Have you tried with this approach? 

https://support.f5.com/csp/article/K13452

 

Regards,
Dario.

No but I'll give it a go in my lab Monday morning!

Not sure how it'll work with a wildcard.

95% of the systems use a wildcard, then 4-5 have there own separate cert.

It works fine. In your case, I would use the wildcard certificate as default.

If everything works as expected, please don't forget to mark my answer as resolved. Some thumbs up are also appreciated.

 

Regards,
Dario.