Forum Discussion

T_Rajneesh's avatar
T_Rajneesh
Icon for Nimbostratus rankNimbostratus
Apr 27, 2019

I-rule to bypass SSL certificate authentication for https request.

Hi,

 

i I had i-rule to redirect to https://abc.com/Test/app.

 

1)It is getting redirected to https://abc.com/Test/app but getting certificate error before passing on to the actual server where it is getting authenticated. I believe, the reason is.. hostname "abc" which has A-record/DNS entry as "abc.com" and we don't have SAN name for "abc" in the certificate to get validated.

 

Is it possible to have an irule to bypass ssl certificate authentication when we have https request for ?

 

2)when user removed the uri and re-enters the abc, it is not getting redirected.

 

3) Facing certificate issue as the certificate attached to vip is for https://abc.com,. Want to know if Updating the certificate SAN with DNS:abc will work ?

 

4) is it possible to remove https error or by pass when typed to https://abc.com/Test/app ?

 

Any suggestion, highly appreciated.

 

Thank you

 

application delivery
iRules
LTM

1 Reply

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Apr 28, 2019

    What do you mean with « certificate authentication» ?

     

    Do you mean server authentication (which is always enabled with SSL/TLS) or client authentication (the client authenticate with a certificate)?

     

    If the issue is the browser requests url with short name but the certificate only contains fqdn, there is no solution except (one of following solutions):

     

    • adding shortname in the certificate SAN
    • create a new certificate with shortname, enable SNI in the clientssl profiles and assign multiple profiles to the virtual server
    • ask users to request the fqdn url and save it in bookmark... ;-)