Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
782
Views
0
Helpful
3
Replies

CSS 11501S multiple certification assignment

patcocoon
Level 1
Level 1

‎11-22-2009 05:41 AM

Hello,

Is there a way to assign a key pair to two different virtual SSL servers, they differentiate only at the port.

Example

Virtual SSL Server1, Certification1 = 10.0.0.1:443   www.domain1.com

Virtual SSL Server2, Certification1 = 10.0.0.1:4443 www.domain1.com

(Cisco CSS 11501S-C Load Balancer)

Best regards,

Pat

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-23-2009 12:36 AM

yes, you can create multiple ssl-server on the CSS and select the one you would like to use based on the destination port.

Create the ssl-server inside the ssl-proxy list. One listening on port 443 and the other listening on port 4443

Just be aware that a certificate contains the domain name, and that client browsers complain when the ip address does not match domain name.

CSS11503-2(config-ssl-proxy-list[gdufour])#  ssl-server 1 por?
  port                Specify the ssl-server's Virtual Port

Gilles.

0 Helpful

patcocoon
Level 1
Level 1
In response to Gilles Dufour

‎11-23-2009 01:06 AM

In our case the domain name will matches the IP address of the both virtual servers so there should not be a problem for the browser. Because both servers will have the same IP, they will represent the same domain name and therefore they must use the same certificate / key pair.

Will be there any problem assigning the same certificate / key pair to different virtual SSL servers?

Pat

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to patcocoon

‎11-23-2009 05:23 AM

You can reuse the same key/cert. No problem there.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card