Forum Discussion

Nimbostratus

Apr 17, 2008

Self-signed certificate in a Redirect

I have a virtual server setup to receive SSL traffic. The virtual server has a CLIENTSSL profile on it, with a self-signed SSL certificate. The virtual servers only purpose is to do a redirect. So...

config

design

hooleylist

Cirrostratus

Apr 17, 2008

If the browser is configured to generate an alert when the requested hostname doesn't match the subject of the SSL certificate a site presents, then I could see that it would work in IE. However, with default settings in IE, you should see the mismatched certificate warning. By design of SSL certificates there isn't a way to configure a web server to prevent the client from 'seeing' that the cert isn't valid. You'd need to get a certificate which is valid for the host name that the client requests, or change the browser settings for each client.

I'm not sure if it's feasible for you to do, but if you could have the clients make the first request to http://urlname.com (instead of https://urlname.com), you could avoid the cert mismatch issue.

Aaron

Forum Discussion

Self-signed certificate in a Redirect

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Changing self-signed device certificate impact

Web Services, SSL, and self-signed server certificates

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB