Forum Discussion

appmandan_5823
Nimbostratus
Jan 07, 2011

https to https redirect

I've been researching this and have been having a hard time finding a definite answer. I am load balancing to a web server that has https content on it. I own 2 TLDs for my domain, .com and .net. My server's certificate is certified to .com, so when you try to go to .net, you get a certificate warning. In DNS, .net and .com point to the same IP address, so if you go to https://www.xyz.com or https://www.xyz.net, you get the same content from the same physical servers. Anyway, I've used the redirect generator to write the iRule off devcentral, but my question is will this work redirecting one https to another https? How does the F5 manipulate the packet?

I did read a post that said you would still get a cert warning when redirecting https to https with the cert on the F5. Our certs are on the physical servers if that makes a difference.

Thanks,

Dan

6 Replies

  • The best way to think of it is that 1 Cert = 1 IP. While you can use wildcard certs for more flexibility, that doesn't help if you're talking .com and .net.

    With that said, are you simply using A records in DNS? I wonder how this would go if you were to CNAME www.xyz.com to www.xyz.net and have a www.xyz.net cert on your boxes. Might be worth a shot...

    Worst case scenario - you'd need to have Virtual Servers with 2 different IPs, 1 for each Domain. I suspect though that redirecting will trigger a cert warning.
  • Just tested out the CNAME option and it also triggers a cert warning. Your only option to avoid cert warnings might be to support both sites with different certs. If I think of something else, I'll post it.
  • Steve_Brown_882
    Historic F5 Account
    You could create a certificate with a subject alternate name for the .net domain which would allow both domains to be served by the same vs.
  • Posted By stjbrown on 01/07/2011 07:10 AM

    You could create a certificate with a subject alternate name for the .net domain which would allow both domains to be served by the same vs.

    Have to make sure all your clients support this.

    Generally, looks like most support it:

    https://www.digicert.com/subject-al...bility.htm

    I ran into an issue with phones when I last tried.
  • Steve_Brown_882
    Historic F5 Account
    I agree that in the past SANs were a bit hit or miss, but I believe they are more acceptable these days. There is a good article on ask.f5.com about generating a CSR with multiple SANs.

    http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html?sr=12002221
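The two points the replies make, that the certificate warning fires during the TLS handshake before any redirect iRule can send a response, and that a certificate whose SAN lists both names (a wildcard does not help across .com and .net) is what lets one virtual server cover both, as an added example that is not from the original discussion or from F5. The certificates are constructed dicts standing in for the subject CN and the subjectAltName dNSName entries; the matching rules follow RFC 6125.

```python
"""Model of why an https-to-https redirect cannot hide a certificate
mismatch, and how a SAN certificate covering both names avoids it."""
from typing import Dict, List, Optional

# Constructed stand-ins for the server certificates discussed in the thread.
CERT_COM_ONLY = {"cn": "www.xyz.com", "san": []}                     # cert today
CERT_WILDCARD = {"cn": "*.xyz.com", "san": ["*.xyz.com"]}            # wildcard
CERT_WITH_SAN = {"cn": "www.xyz.com", "san": ["www.xyz.com", "www.xyz.net"]}


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style comparison: case-insensitive, and a single '*' may
    only stand for the whole left-most label, never a dot or a TLD."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers(cert: Dict[str, List[str]], hostname: str) -> bool:
    """Clients use the SAN dNSName list when present and fall back to the
    CN only when the certificate carries no SAN entries."""
    names = cert["san"] or [cert["cn"]]
    return any(name_matches(n, hostname) for n in names)


def browse(hostname: str, cert: Dict[str, List[str]],
           redirect_to: Optional[str] = None) -> List[str]:
    """Return the events a browser goes through. The handshake, and with it
    certificate validation, completes before the server can send any HTTP
    response, so a 302 from the virtual server is only ever seen for a
    name the client already accepted. redirect_to is the redirect target
    served by the same servers with the same certificate."""
    events = ["tls_handshake:" + hostname]
    if not cert_covers(cert, hostname):
        events.append("cert_warning:" + hostname)
        return events  # user sees the warning; no HTTP has been exchanged
    if redirect_to and redirect_to != hostname:
        events.append("http_302:" + redirect_to)
        events.extend(browse(redirect_to, cert))  # second handshake, new name
    else:
        events.append("ok:" + hostname)
    return events
```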