05-10-2007 12:54 PM
Well the questions keep coming.
Can anyone point me in the right direction for setting up multiple SSL terminations, 443 port for them all and multiple VIPs? So far I have one SSL site working but when I try to make my 2nd SSL proxy list active it says only one active at a time. So looking for sample configs to make this happen.
Cheers
Dave
05-10-2007 01:45 PM
You can only have one proxy list per ssl module.
You define multiple ssl server statements for multiple vips.
Syed
05-10-2007 01:50 PM
Thanks man, I read up a bit more and figured that out. Here is my config so far...
ssl associate rsakey myrsakey1 CSSrsakey1
ssl associate cert myrsacert1 CSScertfile1
ssl associate rsakey myrsakey2 CSSrsakey2
ssl associate cert myrsacert2 CSScertfile2
ip route 0.0.0.0 0.0.0.0 192.168.20.1 1
!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.20.20 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
  ssl-server 90
  ssl-server 90 vip address 192.168.20.100
  ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
  ssl-server 90 rsacert myrsacert1
  ssl-server 90 rsakey myrsakey1
  ssl-server 90 urlrewrite 22 www.test.com
  ssl-server 91
  ssl-server 91 vip address 192.168.20.101
  ssl-server 91 cipher rsa-with-des-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-3des-ede-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-md5 192.168.20.60 80
  ssl-server 91 rsacert myrsacert2
  ssl-server 91 rsakey myrsakey2
  ssl-server 91 urlrewrite 23 www.test1.com
  active
!************************** SERVICE **************************
service SSLWWW
  type ssl-accel
  slot 6
  keepalive type none
  add ssl-proxy-list ssl-list
  active
service rprox1
  ip address 192.168.20.50
  protocol tcp
  port 80
  active
service rprox2
  ip address 192.168.20.60
  protocol tcp
  port 80
  active
!*************************** OWNER ***************************
owner CMPA
  content HTTP_rule
    protocol tcp
    add service rprox1
    port 80
    url "//www.test.com/*"
    vip address 192.168.20.100
  content SSLrule2
    protocol tcp
    vip address 192.168.20.101
    application ssl
    add service SSLWWW
    port 443
    active
  content ssl
    vip address 192.168.20.100
    application ssl
    add service SSLWWW
    port 443
    protocol tcp
    active
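An added example, not part of the thread or of Cisco's tooling: a small Python check for a single proxy list that carries several `ssl-server` entries, as in the config above. It verifies that each entry has its own VIP, a cert, a key and a cipher, that an active `application ssl` content rule exists on that VIP at port 443, and it reports single-DES and RC4 cipher suites. The function name `audit`, the `WEAK` list and the sample config are constructed for this illustration.

```python
import re
from collections import defaultdict
WEAK = ("-des-cbc-", "rc4")  # assumption: report single-DES and RC4 suites as weak
# Constructed sample in the same layout as the config posted above.
SAMPLE = """\
ssl-proxy-list ssl-list
ssl-server 90 vip address 192.168.20.100
ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
ssl-server 90 rsacert myrsacert1
ssl-server 90 rsakey myrsakey1
ssl-server 91 vip address 192.168.20.101
ssl-server 91 cipher rsa-with-3des-ede-cbc-sha 192.168.20.60 80
ssl-server 91 rsacert myrsacert2
active
owner CMPA
content ssl
vip address 192.168.20.100
application ssl
port 443
active
"""

def audit(config):
    """Return sorted findings for a CSS config in the layout shown above."""
    servers = defaultdict(lambda: defaultdict(list))  # ssl-server id -> keyword -> values
    rules, cur = {}, None                             # content rule line -> its sub-commands
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"ssl-server (\d+) (vip address|cipher|rsacert|rsakey) (\S+)", line)
        if m:
            servers[m.group(1)][m.group(2)].append(m.group(3))
        elif line.startswith(("content ", "service ", "owner ", "circuit ", "ssl-proxy-list ")):
            cur = rules.setdefault(line, set()) if line.startswith("content ") else None
        elif cur is not None:
            cur.add(line)
    findings, seen = [], {}
    for sid, s in servers.items():
        for key in ("vip address", "cipher", "rsacert", "rsakey"):
            if not s[key]:
                findings.append(f"ssl-server {sid}: missing {key}")
        findings += [f"ssl-server {sid}: weak cipher {c}" for c in s["cipher"]
                     if any(w in c for w in WEAK)]
        for vip in s["vip address"]:
            if vip in seen:
                findings.append(f"ssl-server {sid}: VIP {vip} already used by {seen[vip]}")
            seen[vip] = sid
            want = {f"vip address {vip}", "application ssl", "port 443", "active"}
            if not any(want <= body for body in rules.values()):
                findings.append(f"ssl-server {sid}: no active ssl content rule on {vip}:443")
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports the RC4 suite on entry 90 and, for entry 91, the missing `rsakey` and the missing content rule on its VIP.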