Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
525
Views
0
Helpful
2
Replies

CSS11501 HTTPS Doubt

Hugo Caye
Level 1
Level 1

‎05-16-2010 06:05 PM

Hi there,


We have a CSS11501 box with no SSL module.

In just a VIP we are load sharing four HTTP/HTTPS servers and certificates installed in the IIS servers.

With the only one VIP and the same certificate in the servers, we're trying to do the following

Forward HTTP://www.domain.com/application1/ AND HTTPS://www.domain.com/application1/ to the first four IIS servers.

Forward HTTP://www.domain.com/application2/ AND HTTPS://www.domain.com/application2/ to other two Apache servers.

Question: Is it possible to achieve with a CSS box with no SSL module?


PS: I think that it's not possible because the certificate exchange/verification occurs before the browser sends the HTTPS request. The CSS box doesn't know to which server send the request because the request itself is encrypted and the CSS is just blindly forwardig the tcp/443 packets to the back-end servers.

Thanks,

Hugo

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-17-2010 05:08 AM

Without an SSL module you will not be able to see the url...it is encrypted...so no this is no possible.

With an ssl module, you can decrypt and then identify the application and select the right server.

However, you will not be able to use different key/certificate per application since you need to decrypt to identify the application.

Thereare what is called wildcard certificate which can regroup multiple applications of a single domain.

Gilles.

0 Helpful

Hugo Caye
Level 1
Level 1
In response to Gilles Dufour

‎05-17-2010 12:34 PM

Gilles,

Thank you a lot.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card