CSS11501 HTTPS Doubt

Unanswered Question
May 16th, 2010
User Badges:

Hi there,


We have a CSS11501 box with no SSL module.


In just a VIP we are load sharing four HTTP/HTTPS servers and certificates installed in the IIS servers.


With the only one VIP and the same certificate in the servers, we're trying to do the following


Forward HTTP://www.domain.com/application1/ AND HTTPS://www.domain.com/application1/ to the first four IIS servers.


Forward HTTP://www.domain.com/application2/ AND HTTPS://www.domain.com/application2/ to other two Apache servers.


Question: Is it possible to achieve with a CSS box with no SSL module?


PS: I think that it's not possible because the certificate exchange/verification occurs before the browser sends the HTTPS request. The CSS box doesn't know to which server send the request because the request itself is encrypted and the CSS is just blindly forwardig the tcp/443 packets to the back-end servers.



Thanks,


Hugo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Mon, 05/17/2010 - 05:08
User Badges:
  • Cisco Employee,

Without an SSL module you will not be able to see the url...it is encrypted...so no this is no possible.


With an ssl module, you can decrypt and then identify the application and select the right server.

However, you will not be able to use different key/certificate per application since you need to decrypt to identify the application.

Thereare what is called wildcard certificate which can regroup multiple applications of a single domain.


Gilles.

Actions

This Discussion