05-19-2008 07:10 AM
How would I have two urls point to one vip with ssl termination enabled on the ace. Is it as simple as adding the second cert/key pair to the ssl-proxy service?
05-19-2008 07:37 AM
NO !!!
A certificate is always associated to a singe website/server name and your server name will resolved to a single ip address which is a vip.
In other words, you need 2 vip if you have 2 websites.
Another reason is that you only know the Hostname inside the client request after decrypting the traffic and to decrypt the traffic you need to know which certificate to use.
Therefore you can't use a single vip for 2 websites as you won't be able to determine which certificate to use.
Gilles.
05-19-2008 03:56 PM
Gilles
Would a wildcard certificate work in this sitution?
*.abc.com
05-20-2008 12:54 AM
Yes.
A wildcard certificate is a good solution assuming your sites are part of the same domain.
In this case a single certificate is enough to the SSL part and you can then use the decoded info to detect which website the client is looking for.
Gilles.
10-14-2008 06:21 PM
Hi Gilles,
I'm trying to set up something similar (Wildard cert for multiple sites using the same domain). Could you please share a sample configuration?
Thanks,
John
05-30-2008 06:27 AM
You can also associate more than one URL within your Cert. This would allow you to install just the one cert rather than having the cost and maint. of two.
10-25-2008 11:00 PM
If I were to use a single certificate for all the hosts within the same domain, what would be the common-name while setting up csr-params.
For e.g.: Domain is : xyz.com
Will the common name be : *.xyz.com
i.e. under 'crypto csr-params' it will be like 'common-name *.xyz.com'.
Please confirm.
Thanks.
10-25-2008 11:47 PM
You are right.
common-name *.xyz.com
in the csr-param will do.
Syed iftekhar Ahmed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide