cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
339
Views
6
Helpful
2
Replies
Highlighted
Beginner

SSL Termination without downtime when adding SSL servers

Hi,

We have a number of SSL servers defined in a ssl-proxy-list on a CSS 11501 running 7.50.1.03. The ssl-proxy list is used in a HTTPS termination service.

When we want to add another SSL server to the ssl-proxy-list, I have to suspend the list, add the new SSL server and then activate the list. Even though the interruption is short, these steps make the current SSL server unavailable during the process. Is there a way to make the change without affecting availability of the existing servers?

Also, if we are using box-to-box redundancy, would there be away to solve the above problem (unless there is an easier solution)?

Thanks in advance for your help!

Regards,

Harald

2 REPLIES 2
Highlighted
Beginner

If your using box to box, make the change in the backup. Then force the backup to master (some flows will be lost) (force master command) finnaly change the config in the new backup

Highlighted

I agree with diro. This is how we do on our gears. Do it on the backup and then trigger a failover, do it on the other box now.

There is one more way. Try constructing a new proxy-list in parallel to the existing one. Yes you can have multiple proxy-lists (256?) but only one can be active. When ready suspend current proxy-list, remove it from the ssl-mod-service as well and add the new one.

thanks

Content for Community-Ad
This widget could not be displayed.