cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
387
Views
0
Helpful
1
Replies

Two certs on one VIP IP in CSS

arnstran
Level 1
Level 1

How can I use two certs for two different hostnames on one VIP IP?

Can I do it with two ssl-proxy-lists with one of the certs in each, two content rules that each match one of the hostnames and redirect to one of two services that sends it to the same SSL module but using the correct ssl-proxy-list? Regards, Arnfinn

1 Reply 1

only one ssl-proxy-list can be active at the

one time for an SSL module.You can have multiple ssl servers under a proxy list. In each server, you specify the VIP,port cert/key pair to use for authentication.

*BUT* you cannot create a proxy-list with multiple servers, when both servers are using the same VIP & POrt.

With same VIP & Same Port number (443) CSS cannot diffrentiate between the two.

One option could be to use differnt ports for two ssl-servers.

since the traffic is encrypted when it hits the vip, Layer 7 info cannot be used to differentiate traffic.

So only option left is to differentiate traffic by Layer 4 info.

Syed Iftekhar Ahmed

Review Cisco Networking for a $25 gift card