Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Backend SSL - Service disruption


I was trying to configure the CSS11503 to do backend SSL to the servers. What I noticed was that in order to add new backend server to the ssl-proxy-list, there seems to be a lenthy process to accomplish this task:

1. Deactive the ssl-proxy-list

2. Add the new backend-server entry

3. Deactivate all the services that use the ssl-proxy-list

4. Active the ssl-proxy-list

5. Re-activate all services that have been suspended from step 3.

I assume while performing this process, access to the site via ssl will be not be allowed. If this is the case, how can one provide high availability site?

I hope there is a better way to do this with out disrupting services that I'm not aware of.

Thanks in advance for any information.


New Member

Re: Backend SSL - Service disruption

From my experience rather than fact access is only effected between 3 and 5.

Perhaps there are there situations when it is unavailable after 1, say if it rule hasn't been used before

You can minimize the time using a script rather than typing

But there should a way to avoid it

Other than having to get 2 units

New Member

Re: Backend SSL - Service disruption

Yes, I hate to have to de-activate 20+ servers just to add one server manually. So a script would be a must then. This is just insane how it works...

Eventhough with 2 units, the SSL will not fail-over seamlessly I assume. From onther post (SSL - ASR) Gilles was mentioning that "If the SSL offloader is the SSL module inside the CSS, then ASR does not work."



CreatePlease to create content