Hi all, I have a problem regarding configuration of certificates on ACE, I have one serverfarm with two realservers, those server runs three different domains on same VIP (Apache handle which one is presented to the user), we want to put https to those servers running SSL Termination, but I cant figure it out if that can be achieved with only one VIP or if I need three VIPs, one for each one and associate each of those to one certificate. (With only one I can use certificate chains?). Other thing that sounds reasonable to me is use class maps with L7 policys matching URLs, in that case I believe that can be achieved with one VIP, but if anyone knows please help.
You are welcome. Yes if you have multiple domains you should have different certificates for reason obvious to security. If you have one domain and many sub-domains you can use a wildcard certificate. If you have domains which differ like abc.com and abc.net, abc.org, you can use SANS certificates and yes ACE can take L7 decisions/read L7 data like cookie etc after SSL handshake and take decisions accordingly as illustrated in the config example i have pasted above. If you have any questions in future related to this please feel free to ask:)