ACE: Single SSL Cert for two domains with same VIP

Answered Question
Mar 30th, 2009
User Badges:


At present I have a design that will use individual SSL cert per domain and link both certs to (two or one) serverfarm.



policy-map multi-match popvip_01


class POP_VIP01

loadbalance vip inservice

loadbalance policy POP-POp3_PMT or popPMT1

loadbalance vip icmp-reply

ssl-proxy server GINPOP_SSLPROXY

connection advanced-options TCP_PARAM_Y


class POP3_VIP02

loadbalance vip inservice

loadbalance policy POP-POp3_PMT or POPPMT2

loadbalance vip icmp-reply

ssl-proxy server GINPOP3_SSLPROXY

connection advanced-options TCP_PARAM_Y


however,


if I can get one single certificate to process both pop and pop3 domains, that use the same VIP/port, and if this will work with ACE, i'm inclined to design using this alternative.

ie,

pop.mydomain.com = 10.10.10.1 995

pop3.mydomain.com = 10.10.10.1 995


Any suggestions would be appriciated.


Correct Answer by JamesLuther about 8 years 3 months ago

Hello,


In order to achieve this then you will need to order a wildcard certifictae ie


*.mydomain.com


These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.



Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
JamesLuther Mon, 03/30/2009 - 03:04
User Badges:
  • Silver, 250 points or more

Hello,


In order to achieve this then you will need to order a wildcard certifictae ie


*.mydomain.com


These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.



Regards

Actions

This Discussion