Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
1
Replies

Two certs on one VIP IP in CSS

arnstran
Level 1
Level 1

‎10-24-2008 01:13 AM

How can I use two certs for two different hostnames on one VIP IP?

Can I do it with two ssl-proxy-lists with one of the certs in each, two content rules that each match one of the hostnames and redirect to one of two services that sends it to the same SSL module but using the correct ssl-proxy-list? Regards, Arnfinn

Labels:
0 Helpful
1 Reply 1

Syed Iftekhar Ahmed
Level 8
Level 8

‎10-24-2008 01:44 AM

only one ssl-proxy-list can be active at the

one time for an SSL module.You can have multiple ssl servers under a proxy list. In each server, you specify the VIP,port cert/key pair to use for authentication.

*BUT* you cannot create a proxy-list with multiple servers, when both servers are using the same VIP & POrt.

With same VIP & Same Port number (443) CSS cannot diffrentiate between the two.

One option could be to use differnt ports for two ssl-servers.

since the traffic is encrypted when it hits the vip, Layer 7 info cannot be used to differentiate traffic.

So only option left is to differentiate traffic by Layer 4 info.

Syed Iftekhar Ahmed

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card