Forum Discussion

Hille_de_Graaf_'s avatar
Hille_de_Graaf_
Icon for Nimbostratus rankNimbostratus
Aug 24, 2010

URL rewrite for testing new Entrust SSL certificates

Hi,

 

 

we are running V9.4.8 HF3 on our LTM

 

We are offloading a site which is protected by a Entrust SSL Server certificate.

 

We have to renew the Entrust certificate, but the content has changed in the Server certificate (the basic constraint field is now used)

 

 

We want to create a test environment for our users to check if SSL communication still works fine.

 

 

So I did the following:

 

* downloaded a new SSL server certificate from Entrust (with the new content) and also the Chain certificate

 

* create a test VS, attached to it the ssl-client profile (with the new certificate)

 

* I uses the same Pool as the production VS

 

* added an iRule which rewrites the test-url => prod-url

 

* created a test DNS which points to the test VS

 

 

The iRule looks likes this

 

 

when HTTP_REQUEST {

 

HTTP::header replace "prod.comp.com"

 

}

 

 

But it doesn't work and I'll get the following error in the ltm log

 

 

Aug 24 16:28:56 tmm tmm[1979]: 01220001:3: TCL error: ssl-online-test - Illegal argument (line 1) invoked from within "HTTP::header replace "prod.comp.com""

 

 

Has anyone an idea what is wrong? Help would be appreciated.
application delivery
dev
devops
iRules

1 Reply

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Aug 24, 2010
    You aren't specifying the name of the header to replace....Are you trying to change both the host and the URI or just the host?

    If just the host, this would work to rewrite the host header from test.comp.com to prod.comp.com. 

    when HTTP_REQUEST { 
if { [string tolower[[HTTP::host]] eq "test.comp.com" } {
HTTP::header replace Host "prod.comp.com" } }