CSS11500 - SSL termination

shday · ‎10-25-2011

I have a client that will not use my domain in connectivity to an application I am hosting. They want to add an entry in thier DNS using thier domain, but resolve it to an address that I have configured as a VIP on my CSS. I am terminating SSL for this particular VIP and have multiple clients already connecting to this same VIP. Since I can't associate multiple certificates with a single VIP I was wondering is there a way that I can give this one client a seperate VIP and terminate the client certificate on my CSS and then rewrite the host header to look like my domain and hit the same VIP that all my other clients are hitting with the rewritten url.

So the client will input https://www.abc.com and it will resolve to 174.10.10.1 (VIP). The CSS will decrypt the SSL change the header to https://xyz.net which will resolve to 174.10.20.1 (leveraged VIP that all my other clients hit).

If the url rewrite won't work could I use the SSL initiate commands to make this work. My goal is to allow the client to use thier own domain in thier browser, but when it hits my backend servers it has to be from my hosted domain.

Daniel Arrondo Ostiz · ‎10-27-2011

Good afternoon,

I'm not sure to understand why you need to rewrite the host header or send the request back to the other VIP.

Since you are doing SSL termination, the backend connection (the one between the CSS and the server) will be using HTTP, so, the domain name would not have any impact.

What you should do is create a new SSL termination VIP and map it to the same HTTP content rule or server.

Don't hesitate to contact me again if you need further explanation on this.

Regards

Daniel