Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
378
Views
0
Helpful
1
Replies

SSl Configuration.

ravi.saini
Level 1
Level 1

‎02-12-2004 10:06 AM

Hi.

A customer has an existing web solution pointing directly to his servers. His new requirement is to offload ssl termination onto a css 11501.

The customer only has one server. However he has multiple web sites pointing to different ports on the single server.

Can this configuration be carried out on a css using ssl?

More to the point how do I represent this configuration in a ssl-server proxy list. Can I have different digital certificates.

ie ?

ssl-proxy-list goose_n_moose

ssl-server 20

ssl-server 20 vip address 14.2.6.20

ssl-server 20 cipher rsa-with-rc4-128-md5 14.2.6.20 80

ssl-server 20 rsakey goosekey

ssl-server 20 rsacert goosecert

ssl-server 25

ssl-server 25 vip address 14.2.6.20

ssl-server 25 cipher rsa-with-rc4-128-md5 14.2.6.20 8001

ssl-server 25 rsacert moosecert

ssl-server 25 rsakey moosekey

Labels:
0 Helpful
1 Reply 1

stevehall
Level 1
Level 1

‎02-12-2004 12:03 PM

Ravi,

The only problem is that the 2 ssl servers have the same matching criteria. They both match on the same IP address and port (default 443). The CSS has no way of distinguishing a request to goose from a request to moose. They would need either a different VIP address, or a different SSL port (444 for ex). The obstacle is that most clients will go to port 443, and will not know to change the destination port.

so- to sum up, you will probably need different VIP addresses so we can differentiate requests that go to different SSL servers.

-Steve

0 Helpful
Customers Also Viewed These Support Documents