I would like to know if it is possible to have two SSL modules installed in a CSS11503 with each one having it's own "ssl-proxy-list" ("ssl-proxy-list list1" and "ssl-proxy-list list2"), but the two lists (list1 and list2) are exactly the same.
I will explain my idea:
In normal situation the two "ssl-proxy-list" are active and the user's encrypted sessions are load balanced between the two SSL modules. But when we need to make a change to the "ssl-proxy-list", like changing a server's certificate, I would like to be able to suspend one service (type ssl-accel with the "ssl-proxy-list List1" attached to it for example) and wait for all active sessions to terminate before suspending the "ssl-proxy-list list1" for applying the changes.
Once the first "ssl-proxy-list" is updated I would make it active again and apply the same changes to the second "ssl-proxy-list".
Doing this this way I would like to be able to upgrade the servers's certificate during the working houres without disturbing the connected users...
Do you think this way of doing would be possible, or do you have an other solution to modify a "ssl-proxy-list" without disturbing the active running sessions ?
Thank you for your answer,