ACE: Single SSL Cert for two domains with same VIP

Answered Question
Mar 30th, 2009

At present I have a design that will use individual SSL cert per domain and link both certs to (two or one) serverfarm.

policy-map multi-match popvip_01

class POP_VIP01

loadbalance vip inservice

loadbalance policy POP-POp3_PMT or popPMT1

loadbalance vip icmp-reply

ssl-proxy server GINPOP_SSLPROXY

connection advanced-options TCP_PARAM_Y

class POP3_VIP02

loadbalance vip inservice

loadbalance policy POP-POp3_PMT or POPPMT2

loadbalance vip icmp-reply

ssl-proxy server GINPOP3_SSLPROXY

connection advanced-options TCP_PARAM_Y

however,

if I can get one single certificate to process both pop and pop3 domains, that use the same VIP/port, and if this will work with ACE, i'm inclined to design using this alternative.

ie,

pop.mydomain.com = 10.10.10.1 995

pop3.mydomain.com = 10.10.10.1 995

Any suggestions would be appriciated.

Correct Answer by JamesLuther about 7 years 10 months ago

Hello,

In order to achieve this then you will need to order a wildcard certifictae ie

*.mydomain.com

These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.

Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
JamesLuther Mon, 03/30/2009 - 03:04

Hello,

In order to achieve this then you will need to order a wildcard certifictae ie

*.mydomain.com

These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.

Regards

Actions

This Discussion