Forum Discussion

Gerardo_Garcia_
Dec 13, 2006

SSL Certificates

I have a few virtual servers

www.virtual1.com IP1
www.virtual2.com IP2
www.virtual3.com IP3

All of them are connected to the same pool of servers

pool with member1 and member2

 

 

Our application requires SSL on the server side but when we load the SSL on the server (read 443)

 

 

virtual2 and virtual3 send the nasty error message that the secure connection is with virtual1

 

 

Is there any way to remove the SSL from the servers and send the SSL certificate from BIG IP once the user is connected?

 

 

Please comment!

 

 

PS: when I access https://www.virtual1.com I need to see the port 443 in the server side or my application won't work.

 

 

Thanks!

 

3 Replies

  • I don't understand why clients connecting to www.virtual2.com would get an error for a certificate on www.virtual1.com. Is the application sending back absolute references to www.virtual1.com's hostname or IP address?

     

     

    Can you provide more detail on the exact connections that are being made and when the client is getting an error? If you want to get more detail on what the client is receiving, try using LiveHttpHeaders for Firefox or IEwatch or HTTPwatch for IE to view the headers and data being sent to the client.

     

     

    Aaron
  • My current problem is that the application needs to terminate SSL on the servers.

     

    If we don't have that, the application does not work.

     

     

    Let's put it in this way we need to terminate SSL on the servers.

     

    If we load the SSL certificates then we cannot have several virtual[1,2,3..].com without the security pop-up window in the browser window.

    We are not talking about multiple extensions of the same domain (*.mydomain.com), we are talking about different domains.

    virtual1.com
    virtual2.com
    virtual3.com

     

    In addition, our application needs the X-Forward header.

     

     

    We need to send the certificate from the BIG IP to the servers.

     

     

     

    Please comment!

     

  • Okay... so you don't need an iRule for this. You can configure a client SSL profile using each of the SSL certificates/keys, for each virtual server. This will allow you to decrypt the client to virtual server SSL.

     

     

    You can then configure a single server SSL profile and associate that profile with each of the virtual servers. This will allow BIG-IP to re-encrypt traffic from itself as the client to the servers in the pool.

     

     

    To insert the X-Forwarded-For header, just enable the option on a new HTTP profile and associate that with the virtual server.

     

     

    As this doesn't pertain to rules, please read up on these configuration steps in the 9.x Configuration Guide for your version on AskF5.com. If you have any questions, you can contact F5 support.

     

     

    Thanks,

     

    Aaron
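
The configuration described in the last reply, sketched as an added example that is not part of the original thread or F5 documentation. It assumes a BIG-IP release that provides the tmsh shell (later than the 9.x version discussed here); every object name, address (documentation ranges) and certificate/key file name is hypothetical.

```tmsh
# Pool members keep listening on 443, so the application still sees SSL on the server side.
create ltm pool app_pool members add { 198.51.100.11:443 198.51.100.12:443 }

# One client SSL profile per hostname: each virtual server presents the
# certificate that matches the name the browser asked for.
create ltm profile client-ssl virtual1_clientssl defaults-from clientssl cert virtual1.crt key virtual1.key
create ltm profile client-ssl virtual2_clientssl defaults-from clientssl cert virtual2.crt key virtual2.key
create ltm profile client-ssl virtual3_clientssl defaults-from clientssl cert virtual3.crt key virtual3.key

# A single server SSL profile, shared by all three virtual servers,
# re-encrypts traffic from BIG-IP to the pool members.
create ltm profile server-ssl app_serverssl defaults-from serverssl

# HTTP profile that inserts X-Forwarded-For with the original client address.
create ltm profile http http_xff defaults-from http insert-xforwarded-for enabled

# Each virtual server: its own client-side certificate, the shared
# server-side profile, the HTTP profile, and the common pool.
create ltm virtual vs_virtual1 destination 192.0.2.1:443 ip-protocol tcp pool app_pool profiles add { tcp { } http_xff { } virtual1_clientssl { context clientside } app_serverssl { context serverside } }
create ltm virtual vs_virtual2 destination 192.0.2.2:443 ip-protocol tcp pool app_pool profiles add { tcp { } http_xff { } virtual2_clientssl { context clientside } app_serverssl { context serverside } }
create ltm virtual vs_virtual3 destination 192.0.2.3:443 ip-protocol tcp pool app_pool profiles add { tcp { } http_xff { } virtual3_clientssl { context clientside } app_serverssl { context serverside } }
```

With this layout the certificate on the pool members is only ever seen by BIG-IP, so it no longer has to match any of the three public hostnames in the browser.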