05-09-2003 01:09 PM
Can I add more than one proxy-list to an ssl service?
Solved! Go to Solution.
05-12-2003 12:51 PM
From the documentation at :
-------------------
Each SSL proxy list can have up to 256 virtual SSL servers.
Each service may have only one SSL proxy list configured on it. You may only have one active SSL service per slot in the chassis. You can configure more than one on a slot but only one can be activated at a time.
Content rules can have multiple SSL services.
---------------------
So one SSL modeul -> 1 service -> 1 list
Gilles.
05-12-2003 12:51 PM
From the documentation at :
-------------------
Each SSL proxy list can have up to 256 virtual SSL servers.
Each service may have only one SSL proxy list configured on it. You may only have one active SSL service per slot in the chassis. You can configure more than one on a slot but only one can be activated at a time.
Content rules can have multiple SSL services.
---------------------
So one SSL modeul -> 1 service -> 1 list
Gilles.
05-12-2003 01:06 PM
Thank you.
I was trying to figure out how to have multiple certs and servers and just figured out that they all have to be under one proxy-list if you have just one ssl module and that service can be assigned to multiple content rules.
09-28-2006 08:09 AM
I'm trying to find out some info regarding configuring SSL loadbalancing on a CSS11503 with an SSL module and this post seems close to what I'm trying to achieve.
We want to load balance one SSL site using 2 back end SSL servers, and another SSL site using 2 different back end SSL servers.
I've read that you can only use one SSL module per type ssl_accel service. If I configure all the servers in the same SSL proxy-list, then I'll have no way of distinguishing between which back end servers in the proxy list I want to hit with content rules??
Is what I want to achieve possible or do I need another SSL module
09-28-2006 10:56 PM
inside the ssl-proxylist, you can configure virtual server [that's the ip address on which the module listen and receive encrypted traffic], and for each virtual server you have to specify at least one cipher method, and for each cipher method you have to specify where to send the decrypted traffic. Usually the decrypted traffic is sent to a content rule on the CSS where you can then loadbalance between backend-servers.
So, in your ssl-proxy-list you will have 2 servers, each listenting on a specific ip:port and redirecting decrypted traffic to again a specific ip:port.
By using different ip:port you can achieve what you want.
Gilles.
09-28-2006 11:59 PM
Hi Gilles,
Thanks for your prompt response. For this project, the backend servers are also SSL, so the incoming SSL request is decrypted, and then another SSL session set up to the backend servers. Would this work in this case?
Also, when configuring back-end servers within a proxy list, what's the difference between the 'ip address' command and the 'server-ip' command?
Many Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide