How many CSS SSL certificates needed?

eleibowitz
Level 1

From reading the CSS SSL Configuration Guide, it seems that one certificate is needed for each virtual SSL server (or VIP), regardless of how many servers are being load-balanced behind that VIP, but that is not made very clear. Also, it appears that a separate certificate is required for each virtual SSL server. Can someone please confirm or correct this for me? Thank you.

4 Replies

Gilles Dufour
Cisco Employee

A certificate is usually linked to a domain name.

So, it does not matter how many VIPs or servers you have.

The most important thing is the domain.

There are also wildcard certificates that can regroup multiple domain names.

I would suggest you ask your certificate provider what is required in your case.

If he questions your equipment, just say you have 1 Apache server.

Regards,

Gilles.

Gilles,

Thanks for the quick response. Your response prompted me to check Verisign's SSL Certificate FAQs, which restated and elaborated on your answer.

A quick (I hope) follow-up question on this...

Given multiple domain names being load-balanced by a CSS with a single SSL module, would I need different key and cert associations? I am thinking of something like this:

ssl associate rsakey prodkey prodkey.pem

ssl associate cert prodcert prodcert.pem

ssl associate dhparam proddh proddh.pem

ssl associate rsakey intkey intkey.pem

ssl associate cert intcert intcert.pem

ssl associate dhparam intdh intdh.pem

You are correct.

If you have multiple domains and each one has its own key/cert, you will need to import all the files and associate them.

FYI, I never saw any site where DH was being used.

So you most probably do not need it.

Gilles.
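
Added example, not part of the original thread and not Cisco code: a Python check of the point made in the replies, that the number of certificates follows the domain names being served and not the number of VIPs or servers. The certificate labels reuse the names from the question; the host names are constructed, and the wildcard rule assumed is the usual one (the wildcard is the whole leftmost label and stands for one label only).

```python
# Added example: all host names and the inventory below are constructed.

def name_matches(pattern, hostname):
    """True if a certificate DNS name covers hostname.

    A wildcard counts only as the whole leftmost label and stands for exactly
    one label: *.example.com covers www.example.com, not a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def plan_certificates(certs, hostnames):
    """Return ({cert_label: [hosts it covers]}, [hosts no certificate covers])."""
    usage = {label: [] for label in certs}
    uncovered = []
    for host in hostnames:
        for label, names in certs.items():
            if any(name_matches(n, host) for n in names):
                usage[label].append(host)
                break
        else:
            uncovered.append(host)
    return usage, uncovered


# Constructed inventory. VIP and real-server counts are deliberately absent:
# only the names in each certificate decide coverage.
CERTS = {
    "prodcert": ["*.prod.example.com"],
    "intcert": ["intranet.example.net"],
}
SITES = ["www.prod.example.com", "shop.prod.example.com",
         "intranet.example.net", "a.b.prod.example.com"]

if __name__ == "__main__":
    usage, uncovered = plan_certificates(CERTS, SITES)
    print(usage)
    print("no certificate covers:", uncovered)
```

Any host reported as uncovered needs its own key and certificate imported and associated, as in the question's second set of `ssl associate` lines.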
