CSS 11501S multiple certification assignment

patcocoon · ‎11-22-2009

Hello,

Is there a way to assign a key pair to two different virtual SSL servers, they differentiate only at the port.

Example

Virtual SSL Server1, Certification1 = 10.0.0.1:443 www.domain1.com

Virtual SSL Server2, Certification1 = 10.0.0.1:4443 www.domain1.com

(Cisco CSS 11501S-C Load Balancer)

Best regards,

Pat

Gilles Dufour · ‎11-23-2009

yes, you can create multiple ssl-server on the CSS and select the one you would like to use based on the destination port.

Create the ssl-server inside the ssl-proxy list. One listening on port 443 and the other listening on port 4443

Just be aware that a certificate contains the domain name, and that client browsers complain when the ip address does not match domain name.

CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 por?
port Specify the ssl-server's Virtual Port

Gilles.

patcocoon · ‎11-23-2009

In our case the domain name will matches the IP address of the both virtual servers so there should not be a problem for the browser. Because both servers will have the same IP, they will represent the same domain name and therefore they must use the same certificate / key pair.

Will be there any problem assigning the same certificate / key pair to different virtual SSL servers?

Pat

Gilles Dufour · ‎11-23-2009

You can reuse the same key/cert. No problem there.

Gilles.