Once the CSR has been signed by a CA, it is now called a Certificate. The Certificate file must be imported to the CSS.
Import Chained Certificate File
Issue the copy ssl command to facilitate the import or export of certificates and private keys from or to the CSS. The CSS stores all imported files in a secure location on the CSS. This command is available only in SuperUser mode. For example, to import the mychainedrsacert.pem certificate from a remote server to the CSS, type the following:
Note: XRamp certificates are issued using a .cer format. .pem, .cer, and .crt extensions can be interchanged, as they are the same type of file.
Associate the Certificate File
Issue the ssl associate cert command to associate a certificate name to the imported certificate. For example, to associate the certificate name mychainedrsacert1 to the imported certificate file mychainedrsacert.pem, type the following:
Issue the ssl-proxy-list command to create an SSL proxy list. An SSL proxy list is a group of related virtual or backend SSL servers that are associated with an SSL service. The SSL proxy list contains all the configuration information for each virtual SSL Server. This includes the SSL Server creation, certificates and corresponding SSL key pair, Virtual IP (VIP) address and port, SSL ciphers supported, and other SSL options. For example, to create the ssl-proxy-list ssl_list1, type the following:
CSS11500(config)# ssl-proxy-list ssl_list1
Create ssl-list , [y/n]: y
Once you create an SSL proxy list, the CLI enters you into the ssl-proxy-list configuration mode. Configure your SSL server as shown below.
Re: CSS: "ssl-server 10 rsacert" command was deleted during boot
-----start page 2
Configure Secure Socket Layer (SSL) Service and Content Rules Once the SSL proxy list is activated, a service and content rule need to be configured to allow the CSS to send SSL traffic to the SSL module. This table provides an overview of the steps required to create an SSL service for a virtual SSL server, including adding the SSL proxy list to the service and creating an SSL content rule.
Create an SSL service
CSS11500(config)# service ssl_serv1Create service , [y/n]: y
CSS11500(config-service[ssl_serv1])# type ssl-accel
CSS11500(config-service[ssl_serv1])# slot 2
CSS11500(config-service[ssl_serv1])# keepalive type none
CSS11500(config-owner-content[decrypted_www]# port 80
CSS11500(config-owner-content[decrypted_www])# add service linux_http
CSS11500(config-owner-content[decrypted_www])# add service win2k_http
At this point, client HTTPS traffic can be sent to the CSS at 192.168.3.6:443. The CSS decrypts the HTTPS traffic, converting it to HTTP. The CSS then chooses a service and sends the HTTP traffic to a HTTP Web server. The following is a working CSS configuration
Use the following URL for Requesting and Installing a Server Certificate on the CSS11500
The unmanaged mode is also known as Network only switching, which is introduced in Brazos release. It adds the flexibility for customer to use only network automation for service appliance.
If a device is configured a...
Usually, we can access ESXi Shell by pressing Alt+F1 from ESXi DCUI (Direct Console User Interface).
But on HyperFlex system, it just shows black window.
This is expected behavior because HyperFlex redirects ESXi Shell output to SoL...
Configuring an Export Policy Using the GUI
This procedure explains how to configure an Export policy using the APIC GUI. Follow these steps to trigger a backup of your data:
On the menu bar, choose Admi...