01-22-2008 03:07 AM
Is it possible if I have one IP address on my CSS and I would like to enable the SSL termination service? I seem not work. Is it a configuration problem or SW limitation?
This is my CSS configuration.
==============================
ABC-CSS01# sh run
!Generated on 01/22/2008 10:36:42
!Active version: sg0750205
configure
!*************************** GLOBAL ***************************
no restrict web-mgmt
logging buffer 64000
ssl associate rsakey myrsakey1 myrsakey.pem
ssl associate cert mychainedrsacert1 myrsakey2.cer
ssl associate dhparam 1 dahshing_dh.pem
ip route 0.0.0.0 0.0.0.0 172.27.2.1 1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 172.27.2.9 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
ssl-server 20
ssl-server 20 vip address 172.27.2.8
ssl-server 20 cipher rsa-with-des-cbc-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-3des-ede-cbc-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-rc4-128-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-rc4-128-md5 172.27.2.53 80
ssl-server 20 rsacert mychainedrsacert1
ssl-server 20 rsakey myrsakey1
active
!************************** SERVICE **************************
service uatsec1
protocol tcp
ip address 172.27.2.53
keepalive type tcp
port 80
active
service www
type ssl-accel
add ssl-proxy-list ssl-list
keepalive type none
slot 2
active
!**************************** EQL ****************************
eql Cacheable
description "This EQL contains extensions of cacheable content"
extension pdf "Acrobat"
extension fdf "Acrobat Forms Document"
extension au "Sound audio/basic"
extension bmp "Bitmap Image"
extension z "Compressed data application/x-compress"
extension gif "GIF Image image/gif"
extension html "Hypertext Markup Language text/html"
extension htm
extension js "Java script application/x-javascript"
extension mocha
extension jpeg "JPEG image image/jpeg"
extension jpg
extension jpe
extension jfif
extension pjpeg
extension pjp
extension mp2 "MPEG Audio audio/x-mpeg"
extension mpa
extension abs
extension mpeg "MPEG Video video/mpeg"
extension mpg
extension mpe
extension mpv
extension vbs
extension m1v
extension pcx "PCX Image"
extension txt "Plain text text/plain"
extension text
extension mov "QuickTime video/quicktime"
extension tiff "TIFF Image image/tiff"
extension tar "Unix Tape Archive application/x-tar"
extension avi "Video for Windows video/x-msvideo"
extension wav "Wave File audio/x-wav"
extension gz "application/x-gzip"
extension zip "ZIP file application/x-zip-compressed"
!*************************** OWNER ***************************
owner ssl_owner
content ssl
port 443
vip address 172.27.2.8
protocol tcp
application ssl
add service www
active
==================================
Thank you.
Adam Lam
Solved! Go to Solution.
01-30-2008 11:07 AM
Add This to your owner:
content ssl_80
vip address 172.27.2.8
protocol tcp
port 80
url "/*"
service uatsec1
active
you need to reference a port 80 rule for the ssl list to use.
01-28-2008 08:48 AM
the problem description as being an issue with installing certificates on the SSL module.
paste 'script play showtech'.
01-30-2008 11:07 AM
Add This to your owner:
content ssl_80
vip address 172.27.2.8
protocol tcp
port 80
url "/*"
service uatsec1
active
you need to reference a port 80 rule for the ssl list to use.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: