Multiple SSL certs w/single vip

May 19th, 2008

How would I have two URLs point to one vip with SSL termination enabled on the ACE? Is it as simple as adding the second cert/key pair to the ssl-proxy service?

Gilles Dufour Mon, 05/19/2008 - 07:37

NO !!!

A certificate is always associated to a single website/server name and your server name will resolve to a single ip address which is a vip.

In other words, you need 2 vip if you have 2 websites.

Another reason is that you only know the Hostname inside the client request after decrypting the traffic and to decrypt the traffic you need to know which certificate to use.

Therefore you can't use a single vip for 2 websites as you won't be able to determine which certificate to use.

Gilles.

harrjd222 Mon, 05/19/2008 - 15:56

Gilles

Would a wildcard certificate work in this situation?

*.abc.com

Gilles Dufour Tue, 05/20/2008 - 00:54

Yes.

A wildcard certificate is a good solution assuming your sites are part of the same domain.

In this case a single certificate is enough for the SSL part and you can then use the decoded info to detect which website the client is looking for.

Gilles.

jrossiter7311 Tue, 10/14/2008 - 18:21

Hi Gilles,

I'm trying to set up something similar (wildcard cert for multiple sites using the same domain). Could you please share a sample configuration?

Thanks,

John

carlsond Fri, 05/30/2008 - 06:27

You can also associate more than one URL within your Cert. This would allow you to install just the one cert rather than having the cost and maint. of two.

new_networker Sat, 10/25/2008 - 23:00

If I were to use a single certificate for all the hosts within the same domain, what would be the common-name while setting up csr-params?

For e.g.: Domain is : xyz.com

Will the common name be : *.xyz.com

i.e. under 'crypto csr-params' it will be like 'common-name *.xyz.com'.

Please confirm.

Thanks.
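
Added example, not part of any poster's reply: a check of which hostnames behind one vip a single certificate covers, for the wildcard and multi-name options discussed in this thread, followed by backend selection from the decrypted Host header. The hostnames, farm names and function names are constructed, and the matching rule assumed is the usual client behaviour where `*` stands for exactly one left-most label.

```python
# Added example: which hostnames one certificate on a shared vip can serve.
# Assumption: clients match "*" against exactly one left-most DNS label.
# All hostnames and farm names below are constructed sample values.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard covers one label only and needs two labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p_labels == h_labels


def uncovered(cert_names, hostnames):
    """Hostnames on the vip that no name in the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


def pick_farm(host_header: str, farms: dict, cert_names) -> str:
    """After SSL termination, choose a backend from the decrypted Host header."""
    host = host_header.split(":")[0].lower()
    if not any(name_matches(n, host) for n in cert_names):
        raise ValueError(f"{host} is not covered by the certificate")
    if host not in farms:
        raise ValueError(f"no server farm configured for {host}")
    return farms[host]


WILDCARD = ["*.abc.com"]                      # one wildcard common name
MULTI_NAME = ["www.abc.com", "shop.xyz.com"]  # several names in one cert
SITES = ["www.abc.com", "mail.abc.com", "abc.com",
         "a.b.abc.com", "shop.xyz.com"]
FARMS = {"www.abc.com": "farm-www", "mail.abc.com": "farm-mail"}

if __name__ == "__main__":
    print("wildcard misses:  ", uncovered(WILDCARD, SITES))
    print("multi-name misses:", uncovered(MULTI_NAME, SITES))
    print("routed to:", pick_farm("mail.abc.com:443", FARMS, WILDCARD))
```

Under this rule the wildcard does not cover the bare domain, a name two levels deep, or a host in another domain, so those sites still need their own name in the certificate or their own vip.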
