Just had a conversation with our application team. They are thinking/planning about moving a construct of approximate 10+ real servers that host around 70+ vhost to a single ACE context.
So far we only configured 1:1 relations in terms of context to ssl proxy.
- Is it possible to ssl-terminate multiple websites with multiple certificates in one context?
- Do you have to distinguish those different vhosts (websites) and the related SSL traffic through separate SSL proxy services?
- If you have to use separate ssl proxies, is it sufficient to bind them via different class maps into one single (multi match) policy map?
- What would be the best practice approach for this scenario?
Thanks for reading
If your server certificates have a common CA chain (or no CA chain) then the limit of 8 doesn't apply. AFAIK except for the general resource limits there are no restrictions on the number of SSL proxy servers per context.