CSS 11501S multiple certification assignment

Unanswered Question
Nov 22nd, 2009
User Badges:


Is there a way to assign a key pair to two different virtual SSL servers, they differentiate only at the port.


Virtual SSL Server1, Certification1 =   www.domain1.com

Virtual SSL Server2, Certification1 = www.domain1.com

(Cisco CSS 11501S-C Load Balancer)

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Mon, 11/23/2009 - 00:36
User Badges:
  • Cisco Employee,

yes, you can create multiple ssl-server on the CSS and select the one you would like to use based on the destination port.

Create the ssl-server inside the ssl-proxy list. One listening on port 443 and the other listening on port 4443

Just be aware that a certificate contains the domain name, and that client browsers complain when the ip address does not match domain name.

CSS11503-2(config-ssl-proxy-list[gdufour])#  ssl-server 1 por?
  port                Specify the ssl-server's Virtual Port


patcocoon Mon, 11/23/2009 - 01:06
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

In our case the domain name will matches the IP address of the both virtual servers so there should not be a problem for the browser. Because both servers will have the same IP, they will represent the same domain name and therefore they must use the same certificate / key pair.

Will be there any problem assigning the same certificate / key pair to different virtual SSL servers?


Gilles Dufour Mon, 11/23/2009 - 05:23
User Badges:
  • Cisco Employee,

You can reuse the same key/cert. No problem there.



This Discussion