SSL Redundancy?

carlsond
Level 1

I have two CSMs and two SSL Modules in separate chassis. The CSMs are in FT mode and I want to load balance against the two SSL modules. Do I need to purchase a certificate for both SSL modules for every service? If not, how do I install the cert for a given service on both modules?

Gilles Dufour
Cisco Employee

The fact that you have 2 SSL modules does not matter.

Simply add your certificate to each module separately even if this is the same certificate.

Gilles.

Thank you.

Is there any chance you could tell me how to go about doing this? I get the following message when I try adding the cert: "Certificate does not contain router's General Purpose public key for trust point test-tp". I'm guessing I need to copy the keys from the 1st SSL mod but can't find the process.

Depends how you created your key.

If you did it on the SSLM itself, and if you specified the keyword 'exportable', you should be able to export the key with the command 'crypto ca export ...'

See more info in the 2 links below.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008037d1c8.shtml

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008037d193.shtml

As a general remark, I always recommend generating keys, certificates and CSRs on a separate machine [like a Linux server]. It's then easier to import all the info to all your modules.

Regards,

Gilles.

Thanks for rating this answer.
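
An added example, not part of the thread or of Cisco's documentation, of the off-box workflow recommended above: one key pair and CSR are generated with OpenSSL on a Linux host, and the certificate is checked against the private key (the mismatch that the error message quoted earlier describes) before both are bundled for import on each module. The host name, file names and passphrase are constructed placeholders, a self-signed certificate stands in for the CA-issued one, and PKCS#12 as the transfer format is an assumption; the module-side import commands are not shown.

```shell
#!/bin/sh
# Added example; names, subject and passphrase are constructed placeholders.
umask 077   # key material readable by the owner only

# make_keypair_and_csr DIR NAME CN -> DIR/NAME.key and DIR/NAME.csr
make_keypair_and_csr() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$3" -out "$1/$2.csr"
}

# self_sign DIR NAME -> DIR/NAME.crt
# Stand-in for the CA: normally the CSR is sent to the CA and the issued
# certificate is saved as NAME.crt instead.
self_sign() {
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" \
        -days 1 -out "$1/$2.crt" 2>/dev/null
}

# cert_matches_key CERT KEY -> 0 if CERT carries the public half of KEY,
# 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_p12 DIR NAME -> DIR/NAME.p12 (passphrase read from $P12_PASS)
# Refuses to bundle a certificate with a key it was not issued for.
make_p12() {
    cert_matches_key "$1/$2.crt" "$1/$2.key" || return 1
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -name "$2" -passout env:P12_PASS -out "$1/$2.p12"
}

# Demo run in a throwaway directory.
demo() {
    work=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-passphrase'; export P12_PASS
    make_keypair_and_csr "$work" www www.example.test &&
    self_sign "$work" www &&
    make_p12 "$work" www &&
    echo "certificate matches key; bundle written to $work/www.p12"
    status=$?
    rm -rf "$work"   # demo only; a real bundle is copied to each module first
    return $status
}
demo
```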

Thanks. I finally did figure it out, but as usual with the CSM/SSL mods, never did find the docs. I will file these for future use.
