Forum Discussion

GalalNabil's avatar
GalalNabil
Icon for Nimbostratus rankNimbostratus
Nov 21, 2021

Multiple HTTPS sites with multiple Certificates under the same Virtual Server

Hi There,

 

 

 

The case is (Multiple HTTPS sites with multiple Certificates under the same Virtual Server)

 

the virtual server is already created with one pool.

 

the first certificate has a clientssl (default) as a parent.

 

the second one has a default sni checked and server name and the clientssl (default) as a parent.

 

i added both to the virtual server.

 

should i create a new pool that is related to the new server or adding the new server as a new member of the existing pool.

 

and should i make a LTM policy to redirect the traffic to the pool if the host condition was matched. 

BIG-IP
cloud
LTM

3 Replies

Sort By
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Nov 22, 2021

    For this case,

    1. Separate new pool for the new server.
    2. Yes you can use LTM policy or iRULE to send traffic to the desired pool based on the URL host; uri etc.

     

     

    NOTE- Adding a new pool member in existing pool will create problem. As for any host request, the request will be forwarded to all the active pool members in the pool. So with this, client will get unexpected response pages.

     

    Hope it helps!

     

     

    • GalalNabil's avatar
      GalalNabil
      Icon for Nimbostratus rankNimbostratus
      Nov 23, 2021

      Thank You :)

      unfortunately that didnt work, the existing configuration is an (ADFS replacement with iapp template) so, does that make any conflict with the new configuration.? what do you think?

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Nov 23, 2021

    I do not see any conflict / issue with such configuration if the LTM policy or iRules & SSL configuration is done properly. Now As vServer is configured using iApp template, you will need to modify changes restrictions on the iApp template in order to make changes on the vServer.

     

    But you will also need to consider other side story. As both ADFS & the new URL will be on common vServer, whatever changes you will make on the VS, all the changes will be applicable to both applications. Personally I would prefer to have dedicated vServer for services like ADFS. Otherwise having normal URLs on the common vServer works fine.

     

    Hope it helps!