CSS 11501S multiple certification assignment

Unanswered Question
Nov 22nd, 2009

Hello,

Is there a way to assign a key pair to two different virtual SSL servers, they differentiate only at the port.

Example

Virtual SSL Server1, Certification1 = 10.0.0.1:443   www.domain1.com

Virtual SSL Server2, Certification1 = 10.0.0.1:4443 www.domain1.com

(Cisco CSS 11501S-C Load Balancer)

Best regards,

Pat

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Mon, 11/23/2009 - 00:36

yes, you can create multiple ssl-server on the CSS and select the one you would like to use based on the destination port.

Create the ssl-server inside the ssl-proxy list. One listening on port 443 and the other listening on port 4443

Just be aware that a certificate contains the domain name, and that client browsers complain when the ip address does not match domain name.

CSS11503-2(config-ssl-proxy-list[gdufour])#  ssl-server 1 por?
  port                Specify the ssl-server's Virtual Port

Gilles.

patcocoon Mon, 11/23/2009 - 01:06

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

In our case the domain name will matches the IP address of the both virtual servers so there should not be a problem for the browser. Because both servers will have the same IP, they will represent the same domain name and therefore they must use the same certificate / key pair.

Will be there any problem assigning the same certificate / key pair to different virtual SSL servers?

Pat

Actions

This Discussion