Multiple SSL Certs

Unanswered Question

Hi All,


I'm pretty sure I know the answer to this, but like the Russians say "Trust but Verify".


I've just been handed a requirement to add a second SSL termination on a CSS 11501S. I presume I just add a second SSL-SERVER to my proxy list and call the same service in the SSL rule. Is this the correct method? I know it will not allow me to create a 2nd proxy-list.


Please help me be sure I understand these things.


TIA,


Jim

Overall Rating: 5 (1 ratings)

Jim,


That is correct. Below is a sanitised CSS config:



!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
  ssl-server 2
  ssl-server 2 vip address x.x.x.x
  ssl-server 2 urlrewrite 1 blah blah blah
  ssl-server 2 cipher rsa-with-rc4-128-sha x.x.x.x 8080
  backend-server 11
  backend-server 11 ip address x.x.x.12
  backend-server 11 port 8080
  backend-server 11 server-ip x.x.x.x
  backend-server 11 cipher rsa-with-rc4-128-sha
  backend-server 12
  backend-server 12 ip address x.x.x.7
  backend-server 12 port 8080
  backend-server 12 server-ip x.x.x.x
  backend-server 12 cipher rsa-with-rc4-128-sha
  ssl-server 2 rsakey blah blah blah
  ssl-server 2 rsacert blah blah blah
  active

!************************** SERVICE **************************
service etc-etc-etc
  ip address x.x.x.1
  type ssl-accel-backend
  port 8080
  add ssl-proxy-list ssl-list
  keepalive port 443
  keepalive type ssl
  protocol tcp
  active

service etc-etc-etc
  ip address x.x.x.20
  type ssl-accel-backend
  port 8080
  add ssl-proxy-list ssl-list
  keepalive port 443
  keepalive type ssl
  protocol tcp
  active

!*************************** OWNER ***************************
owner etc-etc

  content something-secure
    vip address x.x.x.50
    protocol tcp
    port 443
    add service ssl-accel
    application ssl
    active


HTH.
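
Added example, not part of the original thread or of Cisco's tooling: a small Python audit for a proxy list that carries more than one ssl-server entry, as discussed above. It reports entries missing a setting and entries using an RC4 cipher suite. The sample config, its addresses and key/cert names are constructed, and treating `vip`, `rsakey`, `rsacert` and `cipher` as required per entry is an assumption based on the settings the config above gives ssl-server 2.

```python
import re
from collections import defaultdict

# Constructed sample (placeholder addresses and key/cert names, not from the thread):
# one proxy list carrying two ssl-server entries, the second missing its certificate.
SAMPLE = """\
ssl-proxy-list ssl-list
  ssl-server 1
  ssl-server 1 vip address 192.0.2.10
  ssl-server 1 rsakey key-one
  ssl-server 1 rsacert cert-one
  ssl-server 1 cipher rsa-with-rc4-128-sha 192.0.2.50 8080
  ssl-server 2
  ssl-server 2 vip address 192.0.2.11
  ssl-server 2 rsakey key-two
  ssl-server 2 cipher rsa-with-rc4-128-sha 192.0.2.50 8081
  active
"""

# Assumption: every ssl-server needs the four settings the thread's config sets.
REQUIRED = ("vip", "rsakey", "rsacert", "cipher")
LINE = re.compile(r"^\s*ssl-server\s+(\d+)(?:\s+(\S+)\s*(.*))?$")


def parse_ssl_servers(config):
    """Group 'ssl-server <n> <keyword> <args>' lines by server number."""
    servers = defaultdict(lambda: defaultdict(list))
    for line in config.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # backend-server, active, comment banners, etc.
        num, keyword, args = m.groups()
        entry = servers[int(num)]  # a bare 'ssl-server <n>' still registers the entry
        if keyword:
            entry[keyword].append(args.split())
    return servers


def audit(config):
    """Return (server number, finding) tuples, ordered by server number."""
    findings = []
    servers = parse_ssl_servers(config)
    for num in sorted(servers):
        entry = servers[num]
        findings += [(num, f"missing {k}") for k in REQUIRED if k not in entry]
        for args in entry["cipher"]:
            if args and "rc4" in args[0]:  # RC4 suites are prohibited by RFC 7465
                findings.append((num, f"weak cipher {args[0]}"))
    return findings
```

Calling `audit()` on the text of a saved running-config returns one tuple per finding, so an empty list means every ssl-server entry is complete and none uses RC4.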
