Cisco Support Community

More CSS11506 Help SSL certs ?

The next CSS questions I have is this.

I have a need to have multiple web servers (port 80) on the backend behind the CSS. Each has a unique web service and URL.

I need to be able to terminate all of the front end web connections via HTTPS. Now obviously each web instance will have its own signed cert.

Is there a way to use just one public VIP on the CSS that each web URL resolves to, but configure the CSS based on the URL to use the appropriate cert for each site and then proceed with the backend port 80 connection? Or am I stuck having to use one public IP per HTTPS connection?

Thanks for all the help so far. I have learned a ton on the CSS since yesterday. Definitely a sophisticated piece of hardware.

Cheers

Dave

4 REPLIES

Re: More CSS11506 Help SSL certs ?

You cannot use the "url" command under an SSL content rule, as the CSS cannot read the header since it is encrypted. The CSS can only read the header once it is decrypted.

Syed


Re: More CSS11506 Help SSL certs ?

Okay, fair enough, so what are my options if I need to terminate more than 1 HTTPS connection per CSS?

Cheers

Dave

Re: More CSS11506 Help SSL certs ?

You can support multiple domains on a single VIP, but you need to use a different port number per domain (e.g. 443 for one appl, 886 for another) so you can differentiate and map them to the right cert.

Otherwise you will need to associate a unique VIP to each application using the same 443 port.

Syed


Re: More CSS11506 Help SSL certs ?

Well, the one main requirement is standard ports, meaning 443 for everything. So my only option is unique VIPs. Now that is clear I can move on.

Thanks a lot for the help.

Cheers

Dave
