SSL Installation for webportal over load balancer

Radhe RD_Support · ‎10-13-2016

Hi

we have cisco load balancer, and connected 20 servers running same website,

we need to run that website over ssl certificate, so can we genrate csr over cisco load balancer and install ssl on loadbalancer, or we need to buy separate 20 ssl for server,

if it is possible in load balancer so how i can do that ?

load balancer cisco 7200.

Marvin Rhoads · ‎10-13-2016

Cisco 7200 series is a (discontinued) router, not a load balancer. I don't believe there was ever a load balancer module offered for that platform.

Maybe you have a 7600 with ACE module?

In any case, when you are doing SSL termination on a load balancer, you need only one certificate. You install the certificate and private key on the load balancer. The detailed procedure for doing so depend on your model and the version of software running on it. Generally speaking the configuration guide will have detailed steps.

Here's one page with detailed example on a Cisco ACE:

http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_Routed_Mode_Configuration_Example

Radhe RD_Support · ‎10-20-2016

Yes That if 7206 Router, we are using it as Load balancer,

Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(15)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac

So is it possible on that ?

Marvin Rhoads · ‎10-20-2016

Oh - you must be using the very old IOS Server Load Balancing feature.

I don't believe that platform ever offered SSL offload - it was only a crude (by current standards) load balancing function. Even if it did offer some limited SSL offload capability, it would not be suited for modern 2048-bit certificates. Those are much more compute intensive than the older 1024- or 768-bit ones. The 7206VXR would not be capable of handling any production workload if it tried to do all of the decryption on its limited CPU.