SSL configuration question

Unanswered Question
May 7th, 2007

Hi,


Can I assign multiple certificates to the same VIP and virtual server? How will the content switch select the right certificate? Suppose I have two webservers, http://www.webserver1.org and http://www.webserver2.org. I only have one public IP address available for use, and I want to add SSL security on the content switch. Can I use one VIP and assign multiple rsakeys and rsacerts to the same VIP? How will the content switch select the right certificate? If I type https://www.webserver1.org, I want to receive the right certificate.

For the moment I use different VIPs per SSL certificate, but we are running out of available public VIPs.


Kind regards,


Frederik De Muyter.


RODRGUTI Tue, 05/22/2007 - 18:41

Hello Frederik,


No, you cannot assign multiple certificates to the same VIP.


The problem is that you will have one content rule listening on port 443, but if you try to create 2 ssl-servers with the same VIP and port, the CSS won't allow you to activate them, because you cannot have 2 ssl-servers with the same VIP and port configured.


The trick here would be to use one domain working on normal https/443, and the other domain on https but on port 444 for example.


You will have 2 content rules with the same vip but with different ports, one listening on port 443, and the other one 444.


Now, you can have 2 ssl-servers on your ssl-proxy-list, with the same vip address, but with different ports.


With this setup the CSS is going to be able to use the specific cert for each domain.


Hope this helps.


- Rodrigo
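
The constraint described in the reply above (no two ssl-servers on the same VIP and port) can be checked before a proxy list is activated. The following is an added example, not part of the original reply and not Cisco code: the sample proxy list, certificate names and the 192.0.2.10 address are constructed, and it assumes the `ssl-server <n> port <p>` form with 443 as the default when no port line is present.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from the thread: two ssl-servers sharing one VIP.
SAMPLE = """\
ssl-proxy-list EXAMPLE
  ssl-server 1 rsacert site1.example.pem
  ssl-server 1 rsakey site1.example.rsa
  ssl-server 1 vip address 192.0.2.10
  ssl-server 2 rsacert site2.example.pem
  ssl-server 2 rsakey site2.example.rsa
  ssl-server 2 vip address 192.0.2.10
  ssl-server 2 port 444
"""

# Only the subcommands needed to identify a listener and its certificate.
LINE = re.compile(r"^\s*ssl-server\s+(\d+)\s+(vip address|port|rsacert)\s+(\S+)")

def parse_ssl_servers(text):
    """Return {server_number: {"vip": ..., "port": ..., "cert": ...}}."""
    servers = defaultdict(lambda: {"vip": None, "port": 443, "cert": None})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other subcommands (rsakey, cipher, ...) are ignored
        num, key, value = int(m.group(1)), m.group(2), m.group(3)
        if key == "vip address":
            servers[num]["vip"] = value
        elif key == "port":
            servers[num]["port"] = int(value)
        else:
            servers[num]["cert"] = value
    return dict(servers)

def listener_conflicts(servers):
    """Group ssl-servers by (vip, port); a group of more than one is a conflict."""
    by_listener = defaultdict(list)
    for num, cfg in sorted(servers.items()):
        if cfg["vip"] is not None:
            by_listener[(cfg["vip"], cfg["port"])].append(num)
    return {k: v for k, v in by_listener.items() if len(v) > 1}

if __name__ == "__main__":
    servers = parse_ssl_servers(SAMPLE)
    for (vip, port), nums in listener_conflicts(servers).items():
        print(f"conflict on {vip}:{port}: ssl-servers {nums}")
    for num, cfg in sorted(servers.items()):
        print(f"ssl-server {num}: {cfg['vip']}:{cfg['port']} -> {cfg['cert']}")
```

Deleting the `port 444` line from the sample puts both ssl-servers on 192.0.2.10:443, and the check then reports them as a conflict.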

Frederik1980 Tue, 05/22/2007 - 21:55

Hi Rodrigo,


Thank you for the help. I have another question regarding SSL Certificates.

Suppose I have the following proxylist.

ssl-proxy-list
  ssl-server 9 rsacert ecms.railaccess.be.pem
  ssl-server 9 rsakey ecms.railaccess.be.rsa
  ssl-server 9 vip address 195.177.246.58
  ssl-server 9 cipher rsa-with-rc4-128-sha 195.177.246.58 52994

content railaccess.be
  vip address 195.177.246.54
  protocol tcp
  add service ssl_portal
  port 443
  active

content railaccess.be-redirect
  vip address 195.177.246.54
  redirect "https://www.railaccess.be"
  protocol tcp
  port 80
  url "//www.railaccess.be/*"
  active

content railaccess.be.backend
  vip address 195.177.246.54
  protocol tcp
  port 52994
  url "//www.railaccess.be/*"
  redundant-index 146
  add service proatriu0po21a0_railaccess
  add service problock0po22a0_railaccess
  active


I would like to create a new content rule that uses the same certificate but redirects to another server in the backend.

For example, the url "www.railaccess.be/tracking" should redirect to 2 other services, on port 80 for example.

How can I do this? Create a new SSL-server in the proxy-list that redirects to another port?


Kind regards, and thanks for the help on the previous question.



