I am setting up a CSS11501 where I want to implement SSL offloading in a one-armed-bandit configuration.
My question is how to import an existing Verisign certificate to the CSS11501 that is currently installed on a Win2K web server. Do I have to revoke the existing certificate and apply for a new one by generating the CSR on the CSS or is there a way to import the existing certificate to the CSS and how can this be done?
the rsacert is clear to me, however the rsakey and the cipher are not clear. Is it possible for you to explain both and whether I need these in case of ssl termination with an imported certificate from a win2K server?
Well actually this is the whole process. When you need to use SSL for your site you create a Keypair which contains a Public and a Private Key.
You save your Private Key and use the public key to create a CSR (Cetificate Signing request) which you send to your CA, then the come up with the certificate.
On your case that process was followed before the certificate was installed on your Win2K server.
If your certificate is a PKCS12 format, then the keypair and the cert are on the same file. In the case of PEM there would be a file for the keypair and another for the cert.
In your case (then again if your file is PKCS12) then you just upload the file to the CSS and the associate the rsakey and the cert, both associations are done to the same file but one will be the rsakey and the other the rsacert, the name you use is the same you need to include on the ssl-server configuration.
With regards to the cipher command, well it defines what cipher suite would the CSS support and that needs to match with the one of ciphers supported by client's browser or application (cipher rsa-with-rc4-128-md5 is supported by most clients)
The IP and port you configure on the cipher command defines what the SSL module will destined traffic after decrypting it. For instance the cipher on your example means that the CSS will take traffic in port 443 going to 192.168.5.5 and will send it to same VIP but destined to port 80 which will be matched by a clear text content rule configured on port 80 that contains the real servers to send the traffic to.
The client where I want to do this implementation has one webserver that listens both on http and https at this moment. In the new construction, the ssl certificate in the server will be imported to the CSS and the webserver will only listen to http. How can i make sure that when a client wants to enter the secure part of the website, it will get https instead of http? Do I need to do a redirect or url-rewrite?
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...