Cisco Support Community

CSS11500 SSL handling question for multiple url/FQDNs with the same ip address

I know that it's possible on the CSS to handle multiple incoming HTTP requests that terminate on the same IP address and port and balance them to various servers based on the url.   For instance, I can set up and at the same address in DNS, and set up two different content rules:

content cats
  vip address
  port 80
  url "//*"
  add server cats1
  add server cats2

content dogs
  port 80
  url "//*"
  add server dogs1
  add server dogs2


Easy and straightforward.

But what if I want to add SSL handling for and

I'm not sure how to create the ssl-proxy-list where one content rule (ip address/port) combination needs to pass through the ssl module and get matched with the proper ssl certificate.

Can this be done?  Can one associate multiple certs and keys with a single ssl-server entry and a single ssl accelerator service?  Or do I have to create multiple ssl-proxy-lists for cats and dogs and build multiple ssl services each referring to a unique ssl-proxy-list, and then use the url parameter in the https content rule to determine which ssl service (and therefore which key/cert pair) gets the traffic?

Thanks in advance for any insights.


Hi Tim,

Unfortunately this is not possible; you can't associate multiple certificates to a single proxy list due to the fact that SSL handshake is done first with no visibility of the URL being requested, so the CSS won't know which public server to use in order to perform the traffic decryption.

But there are a couple of options that you may want to look at (depending on the URL string):

If your URLs are subdomains and you hold a wildcard SSL certificate to match multiple requests, i.e. your domain being "" you can have a certificate that will match request for or because the cert will be in the form *

The second option is SAN (Subject alternative names) certificates, which give you the option to include up to 4 flavors of the domain within the same file, such as,,

I hope this helps.
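
Added example, not part of the original thread and not Cisco code: since the certificate is presented before the URL is visible, a single wildcard or SAN certificate has to cover every FQDN that resolves to the VIP, and this Python check reports the ones it does not. The hostnames, SAN lists and function names are constructed for illustration; the rule that a wildcard needs at least two fixed labels is a conservative assumption.

```python
# Added example: SAN names and hostnames below are constructed, not from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match of one certificate dNSName against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label, covers exactly
        # one label, and needs at least two fixed labels after it (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def uncovered_hosts(san_names, hosts):
    """Return hosts on the shared VIP that no SAN entry in the cert covers."""
    return [h for h in hosts if not any(name_matches(s, h) for s in san_names)]


# Constructed inputs: FQDNs that resolve to one VIP, and two candidate certs.
VIP_HOSTS = ["cats.example.com", "dogs.example.com", "example.com",
             "www.cats.example.com"]
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["cats.example.com", "dogs.example.com", "example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        missing = uncovered_hosts(sans, VIP_HOSTS)
        print(f"{label} cert {sans}: not covered -> {missing or 'none'}")
```

A wildcard entry does not cover the bare domain or names two levels down, so those need their own SAN entries.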
