×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CSS with SSL module - how many certs do we need

Unanswered Question
Apr 13th, 2006
User Badges:

Hello,


currently moving from server-based certs to CSS/SSL based.

We have two sites, two CSS/SSL on each in ASR mode.

There are two real servers behind each SSL rule for load balancing.

The question becomes how many certificates do we need

for such design ?

For sure we need one per site, then on each site we have Active/Standby CSS's.

Do we need separate certificate for each CSS?

I dont think so, cause only one is active at the time.

I tested it with same certificate on both CSS's on one site, no problem.

The question is will it be ok for production ?

So total number would be 2 cert for such design (one per VIP) if we have one SSL rule per site, and 4 if we have 2 SSL rule per site - is it ok ?


Thank you,

Alex

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Fri, 04/14/2006 - 07:04
User Badges:
  • Cisco Employee,

the certificate is linked to a host name ie: www.mycompany.com.


So, if you have 4 css, all handling traffic for www.mycompany.com, then they can all share the same certificate.

Even if you have the 4 CSS split over 2 sites, using different vip, as long as they handle the same hostname, then they can share the certificate.


Actually, the CSS itself does not care about hostname/certificate mapping.

The CSS will use whatever certificate you configure it to use.

However, browsers make a check url <-> certificate and if there is a mismatch, they pop up an error message.


Regards,


Gilles.

Actions

This Discussion