Web Servers with Certificate

matt.s
Level 1

We have an 11503-SSL in one-arm mode and have a requirement that the certificates be on the web servers. Can I just not do SSL acceleration on the CSS and pass 443 to the web servers? What would that config look like?

Thank You

Matt

1 Reply

You have two options

1. (As you mentioned) Do not offload SSL on the CSS and send the traffic to the server directly for SSL offload. The shortcoming of this method is that you cannot use HTTP headers for making intelligent LB decisions.

You simply need a content rule listening on TCP 443. For example:

content apps-443
  add service svc1
  add service svc2
  vip address 192.168.1.1
  protocol tcp
  port 443
  active

service svc1
  ip address 10.10.10.1
  port 443
  protocol tcp
  keepalive type tcp
  keepalive port 443
  active

service svc2
  ip address 10.10.10.2
  port 443
  protocol tcp
  keepalive type tcp
  keepalive port 443
  active

2. Do end-to-end SSL, where you will have to install the cert on the CSS, offload SSL on the CSS, make the LB decision based on Layer 7 headers, encrypt the HTTP request again and send it to the server as an encrypted request (the server will do the SSL offloading again).

HTH

Syed Iftekhar Ahmed
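
A way to check that option 1 is in effect, as an added example that is not part of the original reply: compare the certificate presented at the VIP with the certificates on the web servers. The function names are hypothetical, the demo input is constructed so it runs offline, and the `timeout` argument assumes Python 3.10 or later.

```python
import hashlib
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate an endpoint presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port), timeout=timeout)
    return ssl.PEM_cert_to_DER_cert(pem)


def classify(vip_der: bytes, server_ders: dict[str, bytes]) -> tuple[str, list[str]]:
    """Compare the VIP's certificate with each web server's certificate.

    A match means the VIP hands out a web server's certificate, as expected
    when the content rule only forwards TCP 443. It cannot rule out the same
    certificate also being installed on the load balancer.
    """
    vip_fp = fingerprint(vip_der)
    matches = sorted(n for n, der in server_ders.items() if fingerprint(der) == vip_fp)
    return ("pass-through", matches) if matches else ("terminated-before-server", [])


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates so the demo runs offline.
    shared_cert = b"constructed-der-web-servers"
    css_cert = b"constructed-der-css"
    servers = {"svc1": shared_cert, "svc2": shared_cert}
    print(classify(shared_cert, servers))
    print(classify(css_cert, servers))
    # Live use, with the addresses from the reply's config:
    #   servers = {"svc1": fetch_der("10.10.10.1"), "svc2": fetch_der("10.10.10.2")}
    #   print(classify(fetch_der("192.168.1.1"), servers))
```

If the web servers carry different certificates, the VIP matches whichever server the CSS selected for that connection, so repeat the check a few times.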