Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How many CSS SSL certificates needed?

From reading the CSS SSL Configuration Guide, it seems that one certificate is needed for each virtual SSL server (or VIP), regardless of how many servers are being load-balanced behind that VIP, but that is not made very clear. Also, it appears that a separate certificate is required for each virtual SSL server. Can someone please confirm or correct this for me? Thank You.

4 REPLIES
Cisco Employee

Re: How many CSS SSL certificates needed?

a certificate is usually linked to a domain name.

So, it does not matter how many vip or servers you have.

The most important is the domain.

There is also wild card certificates that can regroup multiple domain name.

I would suggest you to ask your certificate provider what is required in your case.

If he questions your equipment just say you have 1 apache server.

Regards,

Gilles.

Community Member

Re: How many CSS SSL certificates needed?

Gilles,

Thanks for the quick response. Your response prompted me to check Verisign's SSL Certificate FAQs, restated and elaborated on your answer.

Community Member

Re: How many CSS SSL certificates needed?

A quick (I hope) follow-up question on this...

Given multiple domain names being load-balanced by a CSS with a single SSL module, would I need different key and cert associations? I am thinking of something like this:

ssl associate rsakey prodkey prodkey.pem

ssl associate cert prodcert prodcert.pem

ssl associate dhparam proddh proddh.pem

ssl associate rsakey intkey intkey.pem

ssl associate cert intcert intcert.pem

ssl associate dhparam intdh intdh.pem

Cisco Employee

Re: How many CSS SSL certificates needed?

you are correct.

If you have multiple domain and each one has its own key/cert, you will need to import all the files and associate them.

FYI, I never saw any site where DH was being used.

So you most probably do not need it.

Gilles.

124
Views
0
Helpful
4
Replies
CreatePlease to create content