I am trying to save VIP addresses on our https servers. We have a webserver pool serving multiple hostnames. Unitl now for each https request we are setting up a new VIP corresponding with the client-ssl related to the host name. What I am looking for is something like
if hostname matches website1.com use client-ssl website1
if hostname matches website2.com use client-ssl website2
Keep in mind that we are running version 12.1.3.
Is there somewhere a possibility ?
02-Sep-2020 04:12 - last edited on 24-Mar-2022 02:11 by li-migration
Hello You can use multiple client SSL profiles on the VIP. So Depending on the hostname, the proper client certificate will get used. In order to use it, you need to enable SNI settings in one of the client SSL profile which will act as Default/Fallback SSL profile. This fallback SSL profile will get used when the server name doesn't match or the client is not supporting SNI. In other words, if server name is not macthing and/or client is not supporting SNI, then fallback SSL profile will served the SSL/TLS handshake.
You can define one of the client SSL profile as a fallback SSL by checking below option under SSL profile advance settings.
Note : Unless you define one of the profile acting as default/fallback SSL profile for the VIP, you can't map multiple SSL profiles to single VIP.
Hope it helps!
I created a test setup with different certificates and used the server name field int the clientssl, and created one last clientssl as default. This did the trick. I even went further by using a policy to go to different pools depending the host name. That also went well. Many thank for your answer and help.
02-Sep-2020 07:35 - last edited on 24-Mar-2022 02:11 by li-migration
Great, happy to know that.
02-Sep-2020 08:22 - last edited on 24-Mar-2022 02:11 by li-migration
, I got your email about the broken links related to this elsewhere on our site. I will be getting those updated, where possible. You did the right thing by asking your question here. was able to answer your question before I even woke up. 😉 CommunityFTW. Thanks for sharing.