cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
572
Views
0
Helpful
2
Replies

SSL Certificate Question

pingwarrior
Level 1
Level 1

Hi, I have a question. I have 2 CSS11501 to load balance 2 SSL Web Server(https) where I just simply load balance SSL traffic without terminating SSL traffic inside CSS(no SSL module). I am going to request 2 SSL certificates from CA where "host" of subject in certificate is not domain name but is IP address. Normally people will use domain name such as abc.com to submit their signing request of certificate to CA, but in my case where I not using domain name in my network, thus I will use IP address to submit the signing request of certificate to CA. My question is the IP address of the "host" of certificate for submitting certificate signing request have to be virtual IP of content rule or the real IP address of each server respectively?

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

View solution in original post

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

Thanks qdufour for your quick answer and help. Your answer make sense and I will try it out.

Review Cisco Networking for a $25 gift card