CSS SSL termination on transparent mode

Answered Question
Jan 22nd, 2008

Is it possible if I have one IP address on my CSS and I would like to enable the SSL termination service? I seem not work. Is it a configuration problem or SW limitation?

This is my CSS configuration.


ABC-CSS01# sh run

!Generated on 01/22/2008 10:36:42

!Active version: sg0750205


!*************************** GLOBAL ***************************

no restrict web-mgmt

logging buffer 64000

ssl associate rsakey myrsakey1 myrsakey.pem

ssl associate cert mychainedrsacert1 myrsakey2.cer

ssl associate dhparam 1 dahshing_dh.pem

ip route 1

!************************** CIRCUIT **************************

circuit VLAN1

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list ssl-list

ssl-server 20

ssl-server 20 vip address

ssl-server 20 cipher rsa-with-des-cbc-sha 80

ssl-server 20 cipher rsa-with-3des-ede-cbc-sha 80

ssl-server 20 cipher rsa-with-rc4-128-sha 80

ssl-server 20 cipher rsa-with-rc4-128-md5 80

ssl-server 20 rsacert mychainedrsacert1

ssl-server 20 rsakey myrsakey1


!************************** SERVICE **************************

service uatsec1

protocol tcp

ip address

keepalive type tcp

port 80


service www

type ssl-accel

add ssl-proxy-list ssl-list

keepalive type none

slot 2


!**************************** EQL ****************************

eql Cacheable

description "This EQL contains extensions of cacheable content"

extension pdf "Acrobat"

extension fdf "Acrobat Forms Document"

extension au "Sound audio/basic"

extension bmp "Bitmap Image"

extension z "Compressed data application/x-compress"

extension gif "GIF Image image/gif"

extension html "Hypertext Markup Language text/html"

extension htm

extension js "Java script application/x-javascript"

extension mocha

extension jpeg "JPEG image image/jpeg"

extension jpg

extension jpe

extension jfif

extension pjpeg

extension pjp

extension mp2 "MPEG Audio audio/x-mpeg"

extension mpa

extension abs

extension mpeg "MPEG Video video/mpeg"

extension mpg

extension mpe

extension mpv

extension vbs

extension m1v

extension pcx "PCX Image"

extension txt "Plain text text/plain"

extension text

extension mov "QuickTime video/quicktime"

extension tiff "TIFF Image image/tiff"

extension tar "Unix Tape Archive application/x-tar"

extension avi "Video for Windows video/x-msvideo"

extension wav "Wave File audio/x-wav"

extension gz "application/x-gzip"

extension zip "ZIP file application/x-zip-compressed"

!*************************** OWNER ***************************

owner ssl_owner

content ssl

port 443

vip address

protocol tcp

application ssl

add service www



Thank you.

Adam Lam

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
smahbub Mon, 01/28/2008 - 08:48

the problem description as being an issue with installing certificates on the SSL module.

paste 'script play showtech'.


This Discussion