ACE combining multiple ssl-certificates & ssl offloading on 1 IP

Jeroen Huysmans
Level 1

Hi,

We've configured SSL offloading on a VIP...

policy-map multi-match VIPS-VLANxxx
  class VIP-X.X.X.X-443
    loadbalance vip inservice
    loadbalance policy POLICY-X.X.X.X-443
    loadbalance vip icmp-reply active
    ssl-proxy server star.blah.com

ssl-proxy service star.blah.com
  key star.blah.com
  cert star.blah.com

The offloading is performed using the wildcard certificate *.blah.com. This works for sites using a hostname *.blah.com...

So far, so good...

However, one of our users is testing his new site (bleh.com). This site is hosted behind the same x.x.x.x VIP. In his local hosts file, he pointed the domain name bleh.com to the same x.x.x.x VIP as we use for blah.com.

What happens next is that his connection to bleh.com is offloaded using the certificate *.blah.com (because this is what we've currently configured for the x.x.x.x VIP).

Is there any way to use multiple SSL certs for offloading on the SAME VIP? Or, do we have to use a different VIP where we can configure to do ssl-offloading by using a certificate for bleh.com?

I was hoping to consolidate a lot of VIPs, but right now this issue seems to force me to use a VIP per hostname (when using ssl-offloading).

I'm not a cert specialist, my apologies for any weird descriptions...

Regards,

Jeroen

Message was edited by: Jeroen Huysmans


Jeroen Huysmans
Level 1

Perhaps it is better to use a chaingroup with multiple certs in the ssl-proxy config?
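
The mismatch described in the question, as an added example that is not part of the original thread and is not Cisco code: a check of which hostnames behind one VIP are covered by the single certificate that VIP offloads with, using the usual browser wildcard rules (RFC 6125). The function names and every hostname other than *.blah.com and bleh.com are constructed for illustration.

```python
# Added example (not from the thread): audit which hostnames behind a VIP are
# covered by the one certificate that VIP presents when offloading SSL.
# Matching follows the common RFC 6125 rules: "*" is honoured only as the
# whole left-most label and stands for exactly one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more or fewer than one label
    if p_labels[0] == "*":
        # require at least two literal labels after the wildcard (no "*.com")
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(vip_certs, vip_hosts):
    """For each VIP, list hostnames that none of its certificate names cover."""
    report = {}
    for vip, hosts in vip_hosts.items():
        names = vip_certs.get(vip, [])
        missing = [h for h in hosts
                   if not any(name_matches(n, h) for n in names)]
        if missing:
            report[vip] = missing
    return report


# Constructed inventory: the VIP label and most hostnames are placeholders;
# "*.blah.com" and "bleh.com" are the names used in the question.
VIP_CERTS = {"x.x.x.x:443": ["*.blah.com"]}
VIP_HOSTS = {"x.x.x.x:443": ["www.blah.com", "shop.blah.com", "blah.com",
                              "a.b.blah.com", "bleh.com"]}

if __name__ == "__main__":
    for vip, hosts in uncovered_hosts(VIP_CERTS, VIP_HOSTS).items():
        print(f"{vip}: certificate does not cover {', '.join(hosts)}")
```

Every hostname reported here would get a certificate name mismatch warning in the client if it were pointed at that VIP, which is what the user testing bleh.com runs into.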