CSS11500 SSL handling question for multiple url/FQDNs with the same ip address
I know that it's possible on the CSS to handle multiple incoming HTTP requests that terminate on the same IP address and port and balance them to various servers based on the url. For instance, I can set up www.cats.com and www.dogs.com at the same 192.168.35.12 address in DNS, and set up two different content rules:
I'm not sure how to create the ssl-proxy-list where one content rule (ip address/port) combination needs to pass through the ssl module and get matched with the proper ssl certificate.
Can this be done? Can one associate multiple certs and keys with a single ssl-server entry and a single ssl accelerator service? Or do I have to create multiple ssl-proxy-lists for cats and dogs and build multiple ssl services each referring to a unique ssl-proxy-list, and then use the url parameter in the https content rule to determine which ssl service (and therefore which key/cert pair) gets the traffic?
CSS11500 SSL handling question for multiple url/FQDNs with the s
Unfortunately this is not possible; you can't associate multiple certificates to a single proxy list due to the fact that SSL handshake is done first with no visibility of the URL being requested, so the CSS won't know which public server to use in order to perform the traffic decryption.
But there are a couple of options that you may want to look at (depending on the URL string)
If your URLs are subdomains and you hold a wildcard SSL certficate to match multiple requests, i.e your domain being "pets.com" you can have a certficate that will match request for dogs.pets.com or cats.pets.com because the cert will be in the form *.pets.com
The second option is SAN (Subject alternative names) certificates; which give you the option to include up to 4 flavors of the domain within the same file, such as pets.com, pets.net, www.1pets.com.
The unmanaged mode is also known as Network only switching, which is introduced in Brazos release. It adds the flexibility for customer to use only network automation for service appliance.
If a device is configured a...
Usually, we can access ESXi Shell by pressing Alt+F1 from ESXi DCUI (Direct Console User Interface).
But on HyperFlex system, it just shows black window.
This is expected behavior because HyperFlex redirects ESXi Shell output to SoL...
Configuring an Export Policy Using the GUI
This procedure explains how to configure an Export policy using the APIC GUI. Follow these steps to trigger a backup of your data:
On the menu bar, choose Admi...