CSS multiple domain names with one VIP !!

Answered Question
Mar 23rd, 2009

Dear All,


I Have CSS 11503 with SSL module, the question is :


Can i have 5 domain names i.e.

mydomainname1.com

mydomainname2.com

mydomainname3.com

mydomainname4.com

mydomainname5.com


all pointing to the same VIP ? or 5 different VIP has to be there ?? and also just to confirm i would need to generate 5 certificates ?




please advice !!

thanks,

Hasan Odeh


Correct Answer by Gilles Dufour about 7 years 11 months ago

Hasan,


this is recurrent question.

The answer is : you need multiple vip.


The reason is because to see the domain name you need to first decrypt the ssl application data to see the http request.


To decrypt the ssl data, you need to know which certificate to use.


The certificate is linked to a domain name.


So you need to know the domain name before you can decrypt.


The only way to do this, is to assign a different vip to each domain.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Mon, 03/23/2009 - 09:04

Hasan,


this is recurrent question.

The answer is : you need multiple vip.


The reason is because to see the domain name you need to first decrypt the ssl application data to see the http request.


To decrypt the ssl data, you need to know which certificate to use.


The certificate is linked to a domain name.


So you need to know the domain name before you can decrypt.


The only way to do this, is to assign a different vip to each domain.


Gilles.

hassan_oudeh Mon, 03/23/2009 - 13:23

Thanks Gilles,


That was exactly the answer im looking for ...


if i create 5 VIP IP address but actually all those 5 VIP will be pointing to 2 servers with virtual host (im having an IBM WebSphere http service)...


Is there any special configurations i need to take under my consideration with the application team !


best regards,

Gilles Dufour Tue, 03/24/2009 - 01:32

Hassan,


nothing special to do on the server side.

If it works in plain htttp, it will work with the CSS terminating SSL connections.


Gilles

Actions

This Discussion