Solved: CSS multiple domain names with one VIP !!

hassan_oudeh · ‎03-23-2009

Dear All,

I Have CSS 11503 with SSL module, the question is :

Can i have 5 domain names i.e.

mydomainname1.com

mydomainname2.com

mydomainname3.com

mydomainname4.com

mydomainname5.com

all pointing to the same VIP ? or 5 different VIP has to be there ?? and also just to confirm i would need to generate 5 certificates ?

please advice !!

thanks,

Hasan Odeh

Gilles Dufour · ‎03-23-2009

Hasan,

this is recurrent question.

The answer is : you need multiple vip.

The reason is because to see the domain name you need to first decrypt the ssl application data to see the http request.

To decrypt the ssl data, you need to know which certificate to use.

The certificate is linked to a domain name.

So you need to know the domain name before you can decrypt.

The only way to do this, is to assign a different vip to each domain.

Gilles.

View solution in original post

Gilles Dufour · ‎03-23-2009

Hasan,

this is recurrent question.

The answer is : you need multiple vip.

The reason is because to see the domain name you need to first decrypt the ssl application data to see the http request.

To decrypt the ssl data, you need to know which certificate to use.

The certificate is linked to a domain name.

So you need to know the domain name before you can decrypt.

The only way to do this, is to assign a different vip to each domain.

Gilles.

hassan_oudeh · ‎03-23-2009

Thanks Gilles,

That was exactly the answer im looking for ...

if i create 5 VIP IP address but actually all those 5 VIP will be pointing to 2 servers with virtual host (im having an IBM WebSphere http service)...

Is there any special configurations i need to take under my consideration with the application team !

best regards,

Gilles Dufour · ‎03-24-2009

Hassan,

nothing special to do on the server side.

If it works in plain htttp, it will work with the CSS terminating SSL connections.

Gilles