Forum Discussion
hooleylist
Apr 08, 2010Cirrostratus
Thanks for the correction on the redirect location protocol. I assumed you were using this rule on an HTTP VIP. As you found it's too late to fix this when the client is making an HTTPS request with a hostname that doesn't match the SSL cert. For HTTPS, LTM needs to decrypt the SSL before viewing the HTTP or sending an HTTP response. In order to decrypt the SSL, LTM needs to send its cert and complete an SSL handshake.
To fix this, you'd need to correct the client's request before it's made via HTTPS. So if you can add this iRule to an HTTP VIP you could prevent the insecure cert warning for the HTTPS requests. Or if clients are expected to make requests directly via HTTPS to the various hostnames, you could create separate A records to resolve the hostnames to different IP addresses.
Aaron