Multiple Server-SSL Template
Hi gurus,
I am running A-10 on a cluster of TH1030S with version: 2.7.2-P7-SP3(build: 3)
I have one virtual service configured with SNI on the outside (Client-SSL Template) to handle multiple HTTPS web sites on a single IP. Some web sites have to be configured for SSL offloading while others have to be configured with "another" SSL certificate between the Loadbalancer and the Web Server.
I have 2 questions:
- How can I handle SSL Offloading for some specific domains on a single Virtual Service?
- How can I handle different certificates between the A-10 Loadbalancer and the Web Servers?
I have attached a simple schema of my configuration.
Don't hesitate to ask if my questions are not clear :-)
Thanks & Best Regards
Jean-Christophe
Comments
The client-SSL template bound to the virtual port can contain multiple certificates. When you add a certificate and key to a client-SSL template, you can specify the domain name (“server name”) that the certificate and key belong to.
Example:
slb template client-ssl cssl
   cert def_cert
   key def_key
   server-name www.example2.com cert cert2 key key2 pass-phrase pass2
   server-name mail.example.com cert cert3 key key3 pass-phrase pass3
When a client sends an SSL session setup request to the VIP, ACOS sends the server certificate for the requested domain name, based on the configuration in the client-SSL template. In this case, the “cert2” and “cert3” certificates are used for SSL session setup requests to domains www.example2.com and mail.example.com, respectively.
The “def_cert” certificate is used for requests to any other domain name, such as www.example.com.
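An added example, not part of the reply above and not A10 tooling: a small Python check that reads a client-SSL template like the one shown, reports which certificate each SNI name selects, and lists hosted names that would fall back to the default certificate. The function names are hypothetical, case-insensitive name matching is an assumption, and `presented_names` assumes the VIP's certificates chain to a CA trusted by the machine running the check.

```python
import socket
import ssl

# Constructed sample: the client-SSL template from the reply above.
TEMPLATE = """\
slb template client-ssl cssl
   cert def_cert
   key def_key
   server-name www.example2.com cert cert2 key key2 pass-phrase pass2
   server-name mail.example.com cert cert3 key key3 pass-phrase pass3
"""

def parse_template(text):
    """Return (default_cert, {server_name: cert}) from a client-SSL template."""
    default_cert, by_name = None, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "cert":
            default_cert = tok[1]
        elif len(tok) >= 4 and tok[0] == "server-name" and tok[2] == "cert":
            # Assumption: names compare case-insensitively, as DNS names do.
            by_name[tok[1].lower()] = tok[3]
    return default_cert, by_name

def expected_cert(text, sni):
    """Certificate the template selects for an SNI name (default if unmapped)."""
    default_cert, by_name = parse_template(text)
    return by_name.get(sni.lower(), default_cert)

def default_fallbacks(text, hosted_names):
    """Hosted names with no server-name entry; clients get the default cert."""
    _, by_name = parse_template(text)
    return [n for n in hosted_names if n.lower() not in by_name]

def presented_names(vip, sni, port=443, timeout=5.0):
    """Handshake with the VIP using `sni`; return DNS names in the served cert.

    Raises ssl.SSLCertVerificationError when the served certificate does not
    cover `sni`, e.g. when an unmapped name received the default certificate.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((vip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            san = tls.getpeercert().get("subjectAltName", ())
    return sorted(value for kind, value in san if kind == "DNS")
```

Run `default_fallbacks` over the list of sites hosted on the VIP before a change, then call `presented_names` against the VIP for each name to confirm the handshake succeeds with a certificate that covers it.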