CSS 11506 and single SSL module question

mschnabe
Level 1

Can I add more than one proxy-list to an ssl service?

Accepted Solutions

Gilles Dufour
Cisco Employee

From the documentation at:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008011940f.html

-------------------

Each SSL proxy list can have up to 256 virtual SSL servers.

Each service may have only one SSL proxy list configured on it. You may only have one active SSL service per slot in the chassis. You can configure more than one on a slot but only one can be activated at a time.

Content rules can have multiple SSL services.

---------------------

So one SSL module -> 1 service -> 1 list

Gilles.

Thank you.

I was trying to figure out how to have multiple certs and servers and just figured out that they all have to be under one proxy-list if you have just one ssl module and that service can be assigned to multiple content rules.

I'm trying to find out some info regarding configuring SSL loadbalancing on a CSS11503 with an SSL module and this post seems close to what I'm trying to achieve.

We want to load balance one SSL site using 2 back end SSL servers, and another SSL site using 2 different back end SSL servers.

I've read that you can only use one SSL module per type ssl_accel service. If I configure all the servers in the same SSL proxy-list, then I'll have no way of distinguishing between which back end servers in the proxy list I want to hit with content rules??

Is what I want to achieve possible or do I need another SSL module?

Inside the ssl-proxylist, you can configure a virtual server [that's the IP address on which the module listens and receives encrypted traffic], and for each virtual server you have to specify at least one cipher method, and for each cipher method you have to specify where to send the decrypted traffic. Usually the decrypted traffic is sent to a content rule on the CSS where you can then loadbalance between backend servers.

So, in your ssl-proxy-list you will have 2 servers, each listening on a specific ip:port and redirecting decrypted traffic to again a specific ip:port.

By using different ip:port you can achieve what you want.

Gilles.
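The layout described in the reply above, sketched as a CSS configuration. This is an added example and not part of the original thread; the names, addresses, slot number and certificate/key associations are all constructed placeholders, and it assumes the SSL module sits in slot 2.

```cisco
! Constructed example: names, addresses and cert/key associations are placeholders.
ssl-proxy-list ssl_list1
  ! Site A: encrypted traffic arrives on 192.0.2.10:443, clear text goes to 10.0.0.10:80
  ssl-server 10
  ssl-server 10 vip address 192.0.2.10
  ssl-server 10 port 443
  ssl-server 10 rsacert site_a_cert
  ssl-server 10 rsakey site_a_key
  ssl-server 10 cipher rsa-with-3des-ede-cbc-sha 10.0.0.10 80
  ! Site B: different listener, different clear-text destination
  ssl-server 20
  ssl-server 20 vip address 192.0.2.20
  ssl-server 20 port 443
  ssl-server 20 rsacert site_b_cert
  ssl-server 20 rsakey site_b_key
  ssl-server 20 cipher rsa-with-3des-ede-cbc-sha 10.0.0.20 80
  active

! One SSL module -> one active ssl-accel service -> one proxy list
service ssl_serv1
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list ssl_list1
  active

service web_a1
  ip address 10.1.1.11
  active
service web_a2
  ip address 10.1.1.12
  active

owner example
  ! Rule that hands encrypted traffic for site A to the SSL module
  content ssl_site_a
    vip address 192.0.2.10
    protocol tcp
    port 443
    add service ssl_serv1
    active
  ! Rule that receives site A's decrypted traffic and load balances it
  content clear_site_a
    vip address 10.0.0.10
    protocol tcp
    port 80
    add service web_a1
    add service web_a2
    active
  ! Site B repeats this pair of rules with 192.0.2.20 and 10.0.0.20
```

Both port 443 content rules point at the same `ssl_serv1` service; the separation between sites comes only from the distinct ip:port pairs on each `ssl-server` entry.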

Hi Gilles,

Thanks for your prompt response. For this project, the backend servers are also SSL, so the incoming SSL request is decrypted, and then another SSL session set up to the backend servers. Would this work in this case?

Also, when configuring back-end servers within a proxy list, what's the difference between the 'ip address' command and the 'server-ip' command?

Many Thanks