Cisco Support Community

New Member

CSS11501 HTTPS Doubt

Hi there,


We have a CSS11501 box with no SSL module.

On just one VIP we are load sharing four HTTP/HTTPS servers, with the certificates installed on the IIS servers.

With only the one VIP and the same certificate on the servers, we're trying to do the following:

Forward HTTP://www.domain.com/application1/ AND HTTPS://www.domain.com/application1/ to the first four IIS servers.

Forward HTTP://www.domain.com/application2/ AND HTTPS://www.domain.com/application2/ to other two Apache servers.

Question: Is it possible to achieve this with a CSS box with no SSL module?


PS: I think that it's not possible because the certificate exchange/verification occurs before the browser sends the HTTPS request. The CSS box doesn't know which server to send the request to because the request itself is encrypted and the CSS is just blindly forwarding the tcp/443 packets to the back-end servers.

Thanks,

Hugo

2 REPLIES
Cisco Employee

Re: CSS11501 HTTPS Doubt

Without an SSL module you will not be able to see the URL... it is encrypted... so no, this is not possible.

With an ssl module, you can decrypt and then identify the application and select the right server.

However, you will not be able to use different key/certificate per application since you need to decrypt to identify the application.

There are what are called wildcard certificates, which can regroup multiple applications of a single domain.

Gilles.
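Added example (not part of the thread, and not CSS configuration or code): a Python sketch of what a device that cannot decrypt is able to read from the first bytes of a request, using the two application paths from the question. The pool names and the sample bytes are constructed, and the TLS payload is placeholder bytes standing in for ciphertext.

```python
# Illustration only: pool names and sample inputs are hypothetical/constructed.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Hypothetical names for the two server groups described in the question.
POOLS = {"/application1/": "iis-pool", "/application2/": "apache-pool"}
DEFAULT_POOL = "single-443-pool"  # the only choice when the URL is unreadable


def parse_tls_record_header(data: bytes):
    """Return (content_type, (major, minor), length), or None if not TLS."""
    if len(data) < 5 or data[0] not in TLS_CONTENT_TYPES or data[1] != 3:
        return None
    length = int.from_bytes(data[3:5], "big")
    return TLS_CONTENT_TYPES[data[0]], (data[1], data[2]), length


def http_path(data: bytes):
    """Return the path from a plaintext HTTP request line, else None."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        return parts[1].decode("ascii", "replace")
    return None


def choose_pool(first_bytes: bytes):
    """Return (pool, reason) based only on what is readable without a key."""
    header = parse_tls_record_header(first_bytes)
    if header is not None:
        # Only the 5-byte record header is cleartext; the request line with
        # the URL sits inside the encrypted payload that follows it.
        return DEFAULT_POOL, f"tls {header[0]} record, {header[2]} opaque bytes"
    path = http_path(first_bytes)
    if path is not None:
        for prefix, pool in POOLS.items():
            if path.startswith(prefix):
                return pool, f"http path {path}"
    return DEFAULT_POOL, "no readable path"


# Constructed samples: two plaintext requests and one TLS record.
PLAIN_1 = b"GET /application1/index.html HTTP/1.1\r\nHost: www.domain.com\r\n\r\n"
PLAIN_2 = b"GET /application2/ HTTP/1.1\r\nHost: www.domain.com\r\n\r\n"
TLS_APPDATA = bytes([23, 3, 3, 0, 32]) + bytes(range(32))  # header + placeholder

if __name__ == "__main__":
    for sample in (PLAIN_1, PLAIN_2, TLS_APPDATA):
        print(choose_pool(sample))
```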

New Member

Re: CSS11501 HTTPS Doubt

Gilles,

Thank you a lot.
