
Question about SSLM configuration

HWangLoyalty_2
Level 1

I have a question about our SSLM configuration. Please see the following example:

    service aa-SSL
     virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary
     server ipaddr 172.24.92.6 protocol tcp port 80
     certificate rsa general-purpose trustpoint www.app.aa.com
     no nat server
     inservice

    crypto pki trustpoint www.app.aa.com
     revocation-check none
     rsakeypair www.app.aa.com

    crypto ca import www.app.aa.com pkcs12 tftp:xxx

======================================

Once we finish the configuration, we can find the corresponding cert in SSLM, like:

crypto pki certificate chain www.app.aa.com

My first question is how to remove this cert if we want to decommission the aa-ssl environment. Is it only with “no crypto pki certificate chain www.app.aa.com”?

Suppose we have another environment, like www.pre.app.aa.com, that shares the same VIP with www.app.aa.com. My second question is: could I create only one SSL entry with a wildcard, like the following configuration?

    service aa-SSL
     virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary
     server ipaddr 172.24.92.6 protocol tcp port 80
     certificate rsa general-purpose trustpoint *.app.aa.com
     no nat server
     inservice

Please advise! I would appreciate it!

1 Reply

brispin
Level 1

You can remove the certificate, but you need to be in certificate chain configuration mode to delete certificates. An example configuration is provided here:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c5.html#wp1043434
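
On the wildcard question in the original post: what clients check is the name inside the certificate served on the VIP, not the trustpoint label on the device. The following added example (not part of the thread, and not Cisco code) applies the RFC 6125 rule that a wildcard covers exactly one left-most DNS label to the two hostnames from the question; the `*.pre.app.aa.com` candidate name and the function names are constructed for illustration.

```python
# Added example: simplified RFC 6125 wildcard matching.
# Only a whole-label wildcard in the left-most position is accepted,
# and it covers exactly one DNS label.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so the label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if "*" in "".join(p_labels[1:]):
        return False  # wildcard allowed only in the left-most label
    first = p_labels[0]
    if first == "*":
        # Require at least two fixed labels to the right (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in first:
        return False  # partial-label wildcards (w*.example) rejected here
    return p_labels == h_labels


def coverage(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it."""
    return {h: [n for n in cert_names if wildcard_matches(n, h)]
            for h in hostnames}


if __name__ == "__main__":
    # Hostnames from the question; candidate names are constructed samples.
    hosts = ["www.app.aa.com", "www.pre.app.aa.com"]
    candidates = ["*.app.aa.com", "*.pre.app.aa.com", "www.app.aa.com"]
    for host, names in coverage(candidates, hosts).items():
        print(f"{host:22} covered by: {names or 'nothing'}")
```

A certificate issued for `*.app.aa.com` validates for `www.app.aa.com` but not for `www.pre.app.aa.com`, which sits two labels below `app.aa.com`.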