Multiple SSL terminations - 1 CSS11506


Well, the questions keep coming.

Can anyone point me in the right direction for setting up multiple SSL terminations, 443 port for them all and multiple VIPs? So far I have one SSL site working, but when I try to make my 2nd SSL proxy list active it says only one active at a time. So I'm looking for sample configs to make this happen.

Cheers

Dave

Syed Iftekhar Ahmed Thu, 05/10/2007 - 13:45

You can only have one proxy list per SSL module.

You define multiple ssl-server statements for multiple VIPs.

Syed

Thanks man, I read up a bit more and figured that out. Here is my config so far...

ssl associate rsakey myrsakey1 CSSrsakey1
ssl associate cert myrsacert1 CSScertfile1
ssl associate rsakey myrsakey2 CSSrsakey2
ssl associate cert myrsacert2 CSScertfile2

ip route 0.0.0.0 0.0.0.0 192.168.20.1 1

!************************** CIRCUIT **************************
circuit VLAN1

  ip address 192.168.20.20 255.255.255.0

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
  ssl-server 90
  ssl-server 90 vip address 192.168.20.100
  ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
  ssl-server 90 rsacert myrsacert1
  ssl-server 90 rsakey myrsakey1
  ssl-server 90 urlrewrite 22 www.test.com
  ssl-server 91
  ssl-server 91 vip address 192.168.20.101
  ssl-server 91 cipher rsa-with-des-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-3des-ede-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-md5 192.168.20.60 80
  ssl-server 91 rsacert myrsacert2
  ssl-server 91 rsakey myrsakey2
  ssl-server 91 urlrewrite 23 www.test1.com
  active

!************************** SERVICE **************************
service SSLWWW
  type ssl-accel
  slot 6
  keepalive type none
  add ssl-proxy-list ssl-list
  active

service rprox1
  ip address 192.168.20.50
  protocol tcp
  port 80
  active

service rprox2
  ip address 192.168.20.60
  protocol tcp
  port 80
  active

!*************************** OWNER ***************************
owner CMPA

  content HTTP_rule
    protocol tcp
    add service rprox1
    port 80
    url "//www.test.com/*"
    vip address 192.168.20.100

  content SSLrule2
    protocol tcp
    vip address 192.168.20.101
    application ssl
    add service SSLWWW
    port 443
    active

  content ssl
    vip address 192.168.20.100
    application ssl
    add service SSLWWW
    port 443
    protocol tcp
    active
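An added example, not part of the thread or of any Cisco tooling: a small Python check that groups the ssl-server lines of a proxy list by number and reports entries missing a VIP, certificate or key, a VIP reused by two entries, and ciphers built on single DES, RC4 or MD5. The sample text, the function names and the weak-cipher list are assumptions made for this example, and the VIP check assumes every ssl-server listens on the same port, as in the thread.

```python
# Assumption: fragments treated as weak (single DES, RC4, MD5); 3DES not flagged.
WEAK = ("-des-cbc-", "rc4", "md5")

# Constructed sample in the shape of the posted config, with two planted
# mistakes: ssl-server 91 reuses the VIP of 90 and has no rsakey.
SAMPLE = """\
ssl-proxy-list ssl-list
  ssl-server 90
  ssl-server 90 vip address 192.168.20.100
  ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
  ssl-server 90 rsacert myrsacert1
  ssl-server 90 rsakey myrsakey1
  ssl-server 91 vip address 192.168.20.100
  ssl-server 91 cipher rsa-with-rc4-128-md5 192.168.20.60 80
  ssl-server 91 rsacert myrsacert2
"""

def parse_ssl_servers(config):
    """Group 'ssl-server <n> <keyword> ...' lines by server number."""
    servers = {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 2 or words[0] != "ssl-server" or not words[1].isdigit():
            continue
        entry = servers.setdefault(int(words[1]), {
            "vip": None, "rsacert": None, "rsakey": None, "ciphers": []})
        args = words[2:]
        if args[:2] == ["vip", "address"] and len(args) >= 3:
            entry["vip"] = args[2]
        elif args[:1] == ["cipher"] and len(args) >= 2:
            entry["ciphers"].append(args[1])
        elif args[:1] in (["rsacert"], ["rsakey"]) and len(args) >= 2:
            entry[args[0]] = args[1]
    return servers

def audit(servers):
    """Return (server number, finding) tuples in server order."""
    findings, vip_owner = [], {}
    for num in sorted(servers):
        s = servers[num]
        findings += [(num, f"missing {k}") for k in ("vip", "rsacert", "rsakey") if s[k] is None]
        if s["vip"] is not None and vip_owner.setdefault(s["vip"], num) != num:
            findings.append((num, f"vip {s['vip']} already used by ssl-server {vip_owner[s['vip']]}"))
        findings += [(num, f"weak cipher {c}") for c in s["ciphers"] if any(w in c for w in WEAK)]
    return findings

for num, finding in audit(parse_ssl_servers(SAMPLE)):
    print(f"ssl-server {num}: {finding}")
```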
