Trying to set up a transparent SSL proxy from our CSS 11503 to 3 Microsoft IIS6 servers. Don't need sticky sessions as we are using an IMDB on a secondary network on the web servers so hitting any one will preserve session. All traffic uses SSL, no HTTP allowed.
Did the following:
1) ssl genrsa RSAkey1 1024 "pwd"
2) ssl associate rsakey RSA1 RSAkey1
3) ssl gencsr RSAkey1
4) copied CSR into Verisign MPKI portal and selected Microsoft as the OS (LB 3 IIS6 servers)
5) Concatenate Verisign Intermediate with cert returned from step 4
6) copy ssl sftp ssl_record import chainedcsrt.cer PEM "pwd"
7) ssl associate cert Cert1 chainedcert.cer
%% Not a valid key or certificate file
Tried with just base cert received from step 4 and get same error.
However, if I export one of the certs and private key from one of the Windows 2003 servers import it. This works:
1) copy ssl sftp ssl_record import mycert.pfx PKCS12 "pwd" "pwd"
2) ssl associate cert Cert1 mycert.pfx
3) ssl associate rsakey RSA1 mycert.pfx
show ssl assoc indicates all is well.
How do I install a cert generated entirely from the CSS by submitting the csr to Verisign? Do I need to pick a different OS option? There is nothing listed for a CSS although there are options for other load balancers...