Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS 11501S multiple certification assignment

Hello,

Is there a way to assign a key pair to two different virtual SSL servers, they differentiate only at the port.

Example

Virtual SSL Server1, Certification1 = 10.0.0.1:443   www.domain1.com

Virtual SSL Server2, Certification1 = 10.0.0.1:4443 www.domain1.com

(Cisco CSS 11501S-C Load Balancer)

Best regards,

Pat

3 REPLIES
Cisco Employee

Re: CSS 15000 multiple certification assignment

yes, you can create multiple ssl-server on the CSS and select the one you would like to use based on the destination port.

Create the ssl-server inside the ssl-proxy list. One listening on port 443 and the other listening on port 4443

Just be aware that a certificate contains the domain name, and that client browsers complain when the ip address does not match domain name.

CSS11503-2(config-ssl-proxy-list[gdufour])#  ssl-server 1 por?
  port                Specify the ssl-server's Virtual Port

Gilles.

New Member

Re: CSS 15000 multiple certification assignment

In our case the domain name will matches the IP address of the both virtual servers so there should not be a problem for the browser. Because both servers will have the same IP, they will represent the same domain name and therefore they must use the same certificate / key pair.

Will be there any problem assigning the same certificate / key pair to different virtual SSL servers?

Pat

Cisco Employee

Re: CSS 15000 multiple certification assignment

You can reuse the same key/cert. No problem there.

Gilles.

393
Views
0
Helpful
3
Replies