01-22-2008 03:07 AM
Is it possible if I have one IP address on my CSS and I would like to enable the SSL termination service? It does not seem to work. Is it a configuration problem or a SW limitation?
This is my CSS configuration.
==============================
ABC-CSS01# sh run
!Generated on 01/22/2008 10:36:42
!Active version: sg0750205
configure
!*************************** GLOBAL ***************************
no restrict web-mgmt
logging buffer 64000
ssl associate rsakey myrsakey1 myrsakey.pem
ssl associate cert mychainedrsacert1 myrsakey2.cer
ssl associate dhparam 1 dahshing_dh.pem
ip route 0.0.0.0 0.0.0.0 172.27.2.1 1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 172.27.2.9 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
ssl-server 20
ssl-server 20 vip address 172.27.2.8
ssl-server 20 cipher rsa-with-des-cbc-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-3des-ede-cbc-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-rc4-128-sha 172.27.2.53 80
ssl-server 20 cipher rsa-with-rc4-128-md5 172.27.2.53 80
ssl-server 20 rsacert mychainedrsacert1
ssl-server 20 rsakey myrsakey1
active
!************************** SERVICE **************************
service uatsec1
protocol tcp
ip address 172.27.2.53
keepalive type tcp
port 80
active
service www
type ssl-accel
add ssl-proxy-list ssl-list
keepalive type none
slot 2
active
!**************************** EQL ****************************
eql Cacheable
description "This EQL contains extensions of cacheable content"
extension pdf "Acrobat"
extension fdf "Acrobat Forms Document"
extension au "Sound audio/basic"
extension bmp "Bitmap Image"
extension z "Compressed data application/x-compress"
extension gif "GIF Image image/gif"
extension html "Hypertext Markup Language text/html"
extension htm
extension js "Java script application/x-javascript"
extension mocha
extension jpeg "JPEG image image/jpeg"
extension jpg
extension jpe
extension jfif
extension pjpeg
extension pjp
extension mp2 "MPEG Audio audio/x-mpeg"
extension mpa
extension abs
extension mpeg "MPEG Video video/mpeg"
extension mpg
extension mpe
extension mpv
extension vbs
extension m1v
extension pcx "PCX Image"
extension txt "Plain text text/plain"
extension text
extension mov "QuickTime video/quicktime"
extension tiff "TIFF Image image/tiff"
extension tar "Unix Tape Archive application/x-tar"
extension avi "Video for Windows video/x-msvideo"
extension wav "Wave File audio/x-wav"
extension gz "application/x-gzip"
extension zip "ZIP file application/x-zip-compressed"
!*************************** OWNER ***************************
owner ssl_owner
content ssl
port 443
vip address 172.27.2.8
protocol tcp
application ssl
add service www
active
==================================
Thank you.
Adam Lam
01-30-2008 11:07 AM
Add this to your owner:
content ssl_80
vip address 172.27.2.8
protocol tcp
port 80
url "/*"
service uatsec1
active
You need to reference a port 80 rule for the SSL list to use.
01-28-2008 08:48 AM
the problem description as being an issue with installing certificates on the SSL module.
paste 'script play showtech'.