Cisco Support Community
Community Member

CSS 11503 SSL-Proxy-List changes?

Hello, we have 2 CSS 11503 v8.10 w/CSS5-SSL-K9 box2box. We are only running one SSL module in each chassis. I noticed that when I want to make a change or add additional vips to the ssl-proxy-list I would have to take it oos. Is there a way to make a change to it without disrupting production and without purchasing an additional SSL Module? Thoughts?

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list SSL1-SCA2

ssl-server 1

ssl-server 1 vip address

ssl-server 1 cipher rsa-with-rc4-128-md5 81

ssl-server 1 rsacert HProdCert

ssl-server 1 rsakey HProdKey

ssl-server 2

ssl-server 2 vip address

ssl-server 2 cipher rsa-with-rc4-128-md5 81

ssl-server 2 rsacert HxUATCert

ssl-server 2 rsakey HxUATKey

ssl-server 3

ssl-server 3 vip address

ssl-server 3 cipher rsa-with-rc4-128-md5 81

ssl-server 3 rsacert UxUATCert

ssl-server 3 rsakey UxUATKey


!************************** SERVICE **************************

service SSL1-SCA2

type ssl-accel

slot 3

keepalive type none

add ssl-proxy-list SSL1-SCA2


Community Member

Re: CSS 11503 SSL-Proxy-List changes?

As far as I know, no. There is no way to make a change to an ssl-proxy-list without first taking it offline.

I do remember in a previous version you would even have to disable the service that was attached to the SSL-PROXY-LIST if you wanted to make a change. They've fixed that however.

CreatePlease to create content