10-15-2008 11:17 AM
Hi
I am doing configuration for backend ssl, but it does not work.
When I config backend ssl, does the local server need config as ssl server? So they should install a certificate, and my CSS do not need a certificate?
Please advice if my understanding is correct?
Any comments will be appreciate
Thanks in advance
Solved! Go to Solution.
10-16-2008 03:53 AM
if a service is down, check if you have an arp entry for the ip address, and check if the keepalive is successful.
Get a sniffer trace.
Also try to set the keepalive type to icmp to see if it brings up the service.
This would be an indication that you have an issue with the SSL probe.
Gilles.
10-15-2008 08:39 PM
I think I have understood about question.
However, I have another problem now:
I have configured two backend services, one is alive and one is down. I believe both services are configured same.
the configuration is:
ssl-proxy-list ssl-slot3
backend-server 10
backend-server 10 ip address 10.1.1.51
backend-server 10 port 81
backend-server 10 server-ip 10.1.1.51
backend-server 10 cipher rsa-with-rc4-128-sha
backend-server 11
backend-server 11 ip address 10.1.1.52
backend-server 11 port 81
backend-server 11 server-ip 10.1.1.52
backend-server 11 cipher rsa-with-rc4-128-sha
service ssl-backend10
type ssl-accel-backend
protocol tcp
port 81
add ssl-proxy-list ssl-slot3
keepalive type ssl
keepalive port 443
ip address 10.1.1.51
active
service ssl-backend11
type ssl-accel-backend
protocol tcp
port 81
add ssl-proxy-list ssl-slot3
keepalive type ssl
keepalive port 443
ip address 10.1.1.52
active
# sh service summary | grep back
ssl-backend10 Alive 0 1 2 2
ssl-backend11 Down 0 1 255 0
I have checked both local servers, and port 443 for both of them are openned.
Could anyone advice me what problem it is? How to fix it?
For your information, I have configured content as:
content ssl-back
vip address 10.1.2.43
protocol tcp
port 81
url "/*"
add service ssl-backend10
add service ssl-backend11
balance leastconn
active
Any comments will be apprecited
Thanks in advance
10-16-2008 03:53 AM
if a service is down, check if you have an arp entry for the ip address, and check if the keepalive is successful.
Get a sniffer trace.
Also try to set the keepalive type to icmp to see if it brings up the service.
This would be an indication that you have an issue with the SSL probe.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide