Modifying an "ssl-proxy-list" without disturbing the active sessions.
I would like to know if it is possible to have two SSL modules installed in a CSS11503 with each one having it's own "ssl-proxy-list" ("ssl-proxy-list list1" and "ssl-proxy-list list2"), but the two lists (list1 and list2) are exactly the same.
I will explain my idea:
In normal situation the two "ssl-proxy-list" are active and the user's encrypted sessions are load balanced between the two SSL modules. But when we need to make a change to the "ssl-proxy-list", like changing a server's certificate, I would like to be able to suspend one service (type ssl-accel with the "ssl-proxy-list List1" attached to it for example) and wait for all active sessions to terminate before suspending the "ssl-proxy-list list1" for applying the changes.
Once the first "ssl-proxy-list" is updated I would make it active again and apply the same changes to the second "ssl-proxy-list".
Doing this this way I would like to be able to upgrade the servers's certificate during the working houres without disturbing the connected users...
Do you think this way of doing would be possible, or do you have an other solution to modify a "ssl-proxy-list" without disturbing the active running sessions ?
Re: Modifying an "ssl-proxy-list" without disturbing the active
An SSL proxy list may belong to multiple SSL services (one SSL proxy list per service), and an SSL service may belong to multiple content rules. You can apply the services to content rules that allow the CSS to direct SSL requests for content.
The CSS supports one active SSL service for each SSL module in the CSS, one SSL service per slot. You can configure more than one SSL service for a slot but only a single SSL service can be active at a time.
No modifications to an SSL proxy list are permitted on an active list. Suspend the list prior to making changes, and then reactivate the SSL proxy list once the changes are complete. Once you have modified the SSL proxy list, suspend the SSL service, reactivate the SSL proxy list, and then reactivate the SSL service.
You can use maximum 4 different certificates at a time.
Use the suspend command to suspend an active SSL proxy list.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...