Forum Discussion

PSFletchTheTek's avatar
PSFletchTheTek
Icon for MVP rankMVP
Apr 22, 2022

Client Certificate Management when using VIP targeting VIP

Hi All,

So i'm moving from a malware focused reverse proxy fronting our web service to the f5 to improve delivery.

But there is one feature i am struggling to reproduce, which is different client certificates being definded when different host names are presented.

So i have a VIP targetting VIP setup, and the cert on that front vip is doing all of the certificate management rather than the client certs on the virtual servers behind that front VIP. (looks like its designed that way, i'm sort of asking to check!)

Is there anyway way to say

IF hostname = server1.mydomain.com - assign server1.cert
IF hostname = server2.mydomain.com - assign server2.cert.

This is just how the older rev proxy we are taking out worked, but i can't find a way to reproduce this.

i can't say this is a major issue at the moment, no one has really noticed BUT i'm amazed the simple proxy we did have has this feature and the f5 can't match it! (And as per normal better it!)
Any ideas? Ta - Fletch

application delivery

3 Replies

Sort By
    • PSFletchTheTek's avatar
      PSFletchTheTek
      Icon for MVP rankMVP
      Apr 23, 2022

      No but I'll give it a go in my lab Monday morning!

      Not sure how it'll work with a wildcard.

      95% of the systems use a wildcard, then 4-5 have there own separate cert.

      • Dario_Garrido's avatar
        Dario_Garrido
        Icon for MVP rankMVP
        Apr 23, 2022

        It works fine. In your case, I would use the wildcard certificate as default.

        If everything works as expected, please don't forget to mark my answer as resolved. Some thumbs up are also appreciated.