Forum Discussion

Marco_Bayarena_'s avatar
Marco_Bayarena_
Icon for Altostratus rankAltostratus
Aug 22, 2012

HTTPS Redirect to another HTTPS domain using same VS.

I have a VS configured with a Client SSL profile for domain www.newsite.com. We are trying to migrate off an old domain name called www.oldsite.com that was using the same VS. Originally the Client Profile was set to www.oldsite.com certificate. We changed the profile to use the SSL certificate for www.newsite.com.

 

 

I would like for when someone browses to https://www.oldsite.com to redirect to https://www.newsite.com.

 

 

When I create the iRule,

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] equals "www.oldsite.com" }

 

HTTP::redirect "https://www.newsite.com"

 

}

 

}

 

 

It doesn't seem to trigger because the browser is looking for the certificate for www.oldsite.com. It works when it is an HTTP request to www.oldsite.com. It fails when it is HTTPS.

 

 

Is there a way to make this rule or some other method to trigger immediately before the browser checks the common name of the cert?

 

application delivery
dev
devops
iRules

3 Replies

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Aug 22, 2012
    Marco

     

     

    I think the only solution to this would be a SAN certificate, including both domains, on the VS.

     

     

    Alternatively could you change the IP address of the oldsite domain and point it to a different VS (with the oldsite SSL profile/certificate) which does a redirect to the new domain name / VS?

     

     

    Rgds

     

    N
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 22, 2012
    this is some information about sni.

     

     

    sol13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication (SNI) feature

     

    http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html

     

     

    Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin

     

    https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx
  • Marco_Bayarena_'s avatar
    Marco_Bayarena_
    Icon for Altostratus rankAltostratus
    Aug 22, 2012
    I had a feeling I would have to create another VS and assigned the old SSL cert to that. Thanks for the responses.