05-07-2007 03:36 AM
Hi,
Can I assign multiple certificates to the same VIP and virtual server? How will the content switch select the right certificate? Suppose I have two webservers, http://www.webserver1.org and http://www.webserver2.org. I only have one public IP address available for use, and I want to add SSL security on the content switch. Can I use one VIP and assign multiple rsakeys and rsacerts to the same VIP? How will the content switch select the right certificate? If I type https://www.webserver1.org, I want to receive the right certificate.
For the moment I use different VIPs per SSL certificate, but we are running out of publicly available VIPs.
Kind regards,
Frederik De Muyter.
05-09-2007 06:50 AM
For example, in Apache it's also not possible to do SSL on name-based virtual hosts, so I think the content switch will also not support it.
05-22-2007 06:41 PM
Hello Frederik,
No, you cannot assign multiple certificates to the same VIP.
The problem is that you will have one content rule listening on port 443, but if you try to create 2 ssl-servers with the same VIP and port, the CSS won't allow you to activate it, because you cannot have 2 ssl-servers with the same VIP and port configured.
The trick here would be to use one domain working on normal https/443, and the other domain on https but on port 444 for example.
You will have 2 content rules with the same vip but with different ports, one listening on port 443, and the other one 444.
Now, you can have 2 ssl-servers on your ssl-proxy-list, with the same vip address, but with different ports.
With this setup the CSS is going to be able to use the specific cert for each domain.
Hope this helps.
- Rodrigo
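A sketch of the two-port layout described in the reply above, added here as an illustration and not taken from any poster's device. The VIP 192.0.2.10, the backend ports 8001 and 8002, and all certificate, key and service names are constructed placeholders; the `ssl-server <n> port` line is an assumption about CSS syntax that the thread itself does not show. Clients of the second site have to include the port in the URL (https://www.webserver2.org:444).

```text
! Constructed example: addresses, ports, file and service names are placeholders.
ssl-proxy-list
  ! webserver1: same VIP, default HTTPS port
  ssl-server 10 vip address 192.0.2.10
  ssl-server 10 port 443
  ssl-server 10 rsacert webserver1.org.pem
  ssl-server 10 rsakey webserver1.org.rsa
  ! Cipher name copied from the config later in this thread; RC4 is now
  ! considered weak, so prefer the strongest cipher the release offers.
  ssl-server 10 cipher rsa-with-rc4-128-sha 192.0.2.10 8001
  ! webserver2: same VIP, different port, its own cert and key
  ssl-server 20 vip address 192.0.2.10
  ssl-server 20 port 444
  ssl-server 20 rsacert webserver2.org.pem
  ssl-server 20 rsakey webserver2.org.rsa
  ssl-server 20 cipher rsa-with-rc4-128-sha 192.0.2.10 8002

! One content rule per listening port, both on the same VIP
content webserver1-ssl
  vip address 192.0.2.10
  protocol tcp
  port 443
  add service ssl_module
  active
content webserver2-ssl
  vip address 192.0.2.10
  protocol tcp
  port 444
  add service ssl_module
  active

! Clear-text rules that receive the decrypted traffic
content webserver1-backend
  vip address 192.0.2.10
  protocol tcp
  port 8001
  url "//www.webserver1.org/*"
  add service web1
  active
content webserver2-backend
  vip address 192.0.2.10
  protocol tcp
  port 8002
  url "//www.webserver2.org/*"
  add service web2
  active
```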
05-22-2007 09:55 PM
Hi Rodrigo,
Thank you for the help. I have another question regarding SSL Certificates.
Suppose I have the following proxylist.
ssl-proxy-list
  ssl-server 9 rsacert ecms.railaccess.be.pem
  ssl-server 9 rsakey ecms.railaccess.be.rsa
  ssl-server 9 vip address 195.177.246.58
  ssl-server 9 cipher rsa-with-rc4-128-sha 195.177.246.58 52994
content railaccess.be
  vip address 195.177.246.54
  protocol tcp
  add service ssl_portal
  port 443
  active
content railaccess.be-redirect
  vip address 195.177.246.54
  redirect "https://www.railaccess.be"
  protocol tcp
  port 80
  url "//www.railaccess.be/*"
  active
content railaccess.be.backend
  vip address 195.177.246.54
  protocol tcp
  port 52994
  url "//www.railaccess.be/*"
  redundant-index 146
  add service proatriu0po21a0_railaccess
  add service problock0po22a0_railaccess
  active
I would like to create a new content rule that uses the same certificate but redirects to another server in the backend.
For example, the URL "www.railaccess.be/tracking" should redirect to 2 other services on port 80, for example.
How can I do this? Create a new SSL-server in the proxy-list that redirects to another port?
Kind regards and thanks for the help on the previous question.