Hi,
We've configured SSL offloading on a VIP...
policy-map multi-match VIPS-VLANxxx
class VIP-X.X.X.X-443
loadbalance vip inservice
loadbalance policy POLICY-X.X.X.X-443
loadbalance vip icmp-reply active
ssl-proxy server star.blah.com
ssl-proxy service star.blah.com
key star.blah.com
cert star.blah.com
the offloading is performed by using the wildcard certificate *.blah.com. This works for sites using a hostname *.blah.com...
So far, so good...
However, one of our users is testing his new site (bleh.com). This site is hosted behind the same x.x.x.x VIP. In his local hostfile, he pointed the domainname bleh.com to the same x.x.x.x VIP as we use for blah.com.
What happens next, is that his connection to bleh.com is offloaded by using the certificate *.blah.com (because this is what we've currently configured for the x.x.x.x VIP).
Is there any way to use multiple SSL certs for offloading on the SAME VIP? Or, do we have to use a different VIP where we can configure to do ssl-offloading by using a certificate for bleh.com?
I was hoping to consolidate a lot of VIP's, but right now this issue seems to force me using a VIP per hostname (when using ssl-offloading)
I'm not a cert specialist, my appologies for any weird descriptions...
regards,
Jeroen
Message was edited by: Jeroen Huysmans
