Forum Discussion

Jibinpv_254622
Feb 14, 2018

Multiple Server SSL profiles on a Single Virtual Server

Hi Team,

Is it possible to attach 2 different server SSL profiles to a single virtual server? Here we have a situation where a virtual server has SAN certs (abc1.com & abc2.com), and the traffic to abc1.com is to be sent to server 1 and abc2.com to server 2. Both server 1 & 2 have their own SSL certs.

Any advice will be of great help.

Regards, Jibin

7 Replies

    • Jibinpv

      Hi Oguzy,

      Thanks for the quick advice. Yes, I did check this article earlier. However, in my case the scenario lies with the server-side SSL and not the client-side one. Hence I was wondering whether that article really helps me, as it is more about client SSL profiles.

  • Hi,

    With an iRule you should be able to pick the correct server SSL profile based on the requested website or selected backend server.

    But maybe you can create three virtual servers: one (what I call) a global virtual server and two virtual servers for the two websites. The global virtual server has an LTM policy to forward the traffic to one of the other virtual servers based on the URI or host header.

    Both virtual servers have their own server SSL profile needed for the backend servers.

    Regards,

    Martijn.
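
One way the iRule approach from the reply above could look, as an added example that is not from the thread. The profile names (`serverssl_abc1`, `serverssl_abc2`) and pool names (`pool_server1`, `pool_server2`) are hypothetical, and it assumes a server SSL profile is already attached to the virtual server so that server-side SSL is enabled:

```tcl
# Added example, not from the thread.
# abc1.com / abc2.com are the SAN names from the question; the profile and
# pool names below are hypothetical and must exist on the BIG-IP.
when HTTP_REQUEST {
    # The Host header can carry a port and mixed case; normalise it
    # before matching so "ABC1.com:443" still selects the abc1 branch.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "abc1.com" {
            # Server SSL profile and pool for server 1
            SSL::profile serverssl_abc1
            pool pool_server1
        }
        "abc2.com" {
            # Server SSL profile and pool for server 2
            SSL::profile serverssl_abc2
            pool pool_server2
        }
        default {
            # Fail closed: a host name that is not on the SAN certificate
            # is not forwarded to either backend.
            log local0.info "No server SSL profile mapped for host '$host'"
            reject
        }
    }
}
```

Keeping the pool and the server SSL profile in the same branch ensures each backend is always reached with the profile (trusted CA, server name, ciphers) intended for it.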

     

  • Why do you need several serverssl profiles? Do they have anything in particular?

    The LTM on the server side will act as a client for your server. Unless you need to present a client certificate or a very specific cipher string, one serverssl certificate should cover the connection to both servers.

    In any case, SNI is supported on serverssl profiles; you just need to add the name in the server name (inside your serverssl profiles). Configure this in your profiles and add them to your virtual server. You will need a third serverssl profile to cover a default option.

    When you have this, the system will choose the correct serverssl profile automatically based on the host header.