CSS 11500 SSL Configuration Change

Answered Question
Jun 9th, 2007
User Badges:


We have CSS 11500 CSS with SSL module,

Any change in SSL configuration need ssl service suspension which bring down complete SSL enviroment.

Is their any way to change the SSL configuration without downtime?

Is their any ways to bring only one site which has change while other are still up?

I had configured

One SSL-proxy-list which contains 100 sites certificates.

i had bind ssl-proxy-list to ssl service which points to ssl module in slot 0.

Please let me know best configuration to reduce SSL downtimes.

Thanks in Advance


Correct Answer by tprendergast about 10 years 1 month ago

You only need to suspend the one you are working on.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
tprendergast Mon, 06/11/2007 - 11:05
User Badges:
  • Silver, 250 points or more

Aniruddha --

Unless you break out multiple proxy-lists, you will have to suspend the ssl environment to make a change. Once your change is complete, you can reactivate it.

There are a few schools of thought.

First, you can create ssl proxy-lists for each similar groups of sites. Your 100 certificates would then be broken out into a few groups, and you would minimize impact on your suspend/activate actions.

Second, you could just try to make your changes very quickly and minimize the ssl impact by using one proxy-list.

Third, you can create a lot of proxy-lists (one per content group). This is a ton of management and ends up being a problem instead of a solution.

Hope that helps,


Rate if you find this sufficient

ab_parkhi Mon, 06/11/2007 - 11:08
User Badges:

if i have multiple ssl-proxy list ,do i need to suspend service before change in any ssl-proxy list?

Correct Answer
tprendergast Mon, 06/11/2007 - 11:13
User Badges:
  • Silver, 250 points or more

You only need to suspend the one you are working on.


This Discussion