Solved: CSS 11500 SSL Configuration Change

ab_parkhi · ‎06-09-2007

Hi,

We have CSS 11500 CSS with SSL module,

Any change in SSL configuration need ssl service suspension which bring down complete SSL enviroment.

Is their any way to change the SSL configuration without downtime?

Is their any ways to bring only one site which has change while other are still up?

I had configured

One SSL-proxy-list which contains 100 sites certificates.

i had bind ssl-proxy-list to ssl service which points to ssl module in slot 0.

Please let me know best configuration to reduce SSL downtimes.

Thanks in Advance

Aniruddha

tprendergast · ‎06-11-2007

You only need to suspend the one you are working on.

View solution in original post

tprendergast · ‎06-11-2007

Aniruddha --

Unless you break out multiple proxy-lists, you will have to suspend the ssl environment to make a change. Once your change is complete, you can reactivate it.

There are a few schools of thought.

First, you can create ssl proxy-lists for each similar groups of sites. Your 100 certificates would then be broken out into a few groups, and you would minimize impact on your suspend/activate actions.

Second, you could just try to make your changes very quickly and minimize the ssl impact by using one proxy-list.

Third, you can create a lot of proxy-lists (one per content group). This is a ton of management and ends up being a problem instead of a solution.

Hope that helps,

Tim

Rate if you find this sufficient

ab_parkhi · ‎06-11-2007

if i have multiple ssl-proxy list ,do i need to suspend service before change in any ssl-proxy list?

tprendergast · ‎06-11-2007

You only need to suspend the one you are working on.