I have a question about our SSLM configuration. Please see the following example:
service aa-SSL
virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary
server ipaddr 172.24.92.6 protocol tcp port 80
certificate rsa general-purpose trustpoint www.app.aa.com
no nat server
inservice
crypto pki trustpoint www.app.aa.com
revocation-check none
rsakeypair www.app.aa.com
crypto ca import www.app.aa.com pkcs12 tftp:xxx
======================================
Once we finish the configuration, we can find the corresponding cert in SSLM, like:
crypto pki certificate chain www.app.aa.com
My first question is how to remove this cert if we want to decommission the aa-ssl environment. Is it only with "no crypto pki certificate chain www.app.aa.com"?
If we have another environment like www.pre.app.aa.com that shares the same VIP with www.app.aa.com, my second question is: could I create only one SSL entry with a wildcard, like the following configuration?
service aa-SSL
virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary
server ipaddr 172.24.92.6 protocol tcp port 80
certificate rsa general-purpose trustpoint *.app.aa.com
no nat server
inservice
Please advise! I would appreciate it!