06-11-2009 01:29 AM
CSS11500# show service ssl_serv1
Name: ssl_serv1 Index: 26
Type: Ssl-Accel State: Susp/Init
Rule ( 0.0.0.0 ANY ANY )
Session Redundancy: Disabled
SSL-Accel slot: 4
Session Cache Size: 10000
Redirect Domain:
Redirect String: (null)
Keepalive: (NONE 5 3 5 )
Keepalive Encryption: Disabled
Last Clearing of Stats Counters: 12/15/2006 00:02:54
Mtu: 1500 State Transitions: 0
Total Local Connections: 0 Total Backup Connections: 0
Current Local Connections: 0 Current Backup Connections: 0
Total Connections: 0 Max Connections: 65534
Total Reused Conns: 0
Weight: 1 Load: 255
Weight Reporting: None
SSL Proxy Lists:
1: ssl_list1-Suspended
!
CSS506INT4(config-ssl-proxy-list[ssl_list1])# active
Error in ssl-server 1: RSA Cert/Key Verify
CSS506INT4(config-service[ssl_serv1])# active
%% No active ssl-lists on service, service not activated.
!
- The ssl-lists can't activite due to Error in ssl-server 1: RSA Cert/Key Verify, and the configuration is:
ssl-proxy-list ssl_list1
ssl-server 1
ssl-server 1 vip address 192.168.x.x
ssl-server 1 cipher rsa-with-rc4-128-md5 192.168.x.x 80
ssl-server 1 rsakey xxxxxx
ssl-server 1 rsacert xxxxxx
Please help asap.. thanks.
06-12-2009 08:43 AM
It appears you have a key/cert mismatch. Have you issued the following command on the CSS:
(config)# ssl verify myrsacert1 myrsakey1
You should get "Certificate and key match"
If not, you will need to import a matching key and certificate.
Regards
Kris
06-14-2009 05:40 PM
Thanks, Kris. Your assumption is correct, the following result is found:
%% Certificate and key do not match
Since I am not familer with CSS, would you please let me know how to import/generate the key and cert?
Thank you very much..
06-14-2009 07:32 PM
Hi, take a look of this link,
CSS SSL Configuration Guide:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: