08-05-2015 10:15 AM
We're using the Stingray Traffic Manager Virtual Appliance 9.9, and we're having an issue with the SSL Decryption configuration. We have a number of different domain names and some wildcard certs. Here's a subset of that mapping:
Default certificate: gamma.com-wildcard
*.alpha.cc -> alpha.cc wildcard
*.alpha.com -> alpha.com wildcard
*.beta.gamma.com -> 2015-07-beta-wildcard
*.gamma.com -> gamma.com-wildcard
*.gamma.org -> gamma.org-wildcard
Recently our LBs have been serving the wrong cert for systems like toaster.beta.gamma.com - we expect the 2015-07-beta-wildcard cert to be presented with this configuration, but instead the gamma.com-wildcard cert is presented (and because wildcard certs are just one level deep, we get an SSL error from that).
Anyone have any ideas? The problem started when we installed newer certs for the *.beta.gamma.com, but switching back to the old cert didn't fix the mapping (we have tools that take automated backups of our config and save to github, so we have diffs of our changes in SteelApp.