We have 2 CSS in our network: one we use in production and the other in a testing environment. Each has one SSL module. We don't run them in failover mode, but if the prod fails for some reason we use testing to connect. Now we have trouble loading the certificates and copying the config from prod. What we want is to load the certificate on the testing CSS and configure the ports. If our prod fails, we just have to swap the cables.
1) Can we load multiple certificates on a CSS and onto a single SSL module? How to do that? Can we get the config?
You can upload multiple certificates into the CSS.
You can see all your files with the command 'show ssl file'.
You then create an association for each file.
Use the command 'show ssl associate' to verify which association you have.
Then inside your ssl-proxy-list, you can have multiple ssl-server.
Each server has a unique id.
You can use different certificate/key for each server.
ssl-server 1 rsakey LabKey
ssl-server 1 rsacert LabCert
ssl-server 2 rsakey ProdKey
ssl-server 2 rsacert ProdCert
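The order of steps behind the reply above, written out as one CSS configuration. This is an added example, not part of the original posts or of Cisco's documentation: the file names, the list, service, owner and content rule names, the slot number, the cipher choice and every IP address are constructed placeholders, and the key and certificate files are assumed to be already imported.

```cisco
! Added example (constructed): file names, object names, slot and IPs are placeholders.
! Key/cert files are assumed to be already imported (check with 'show ssl file').

! 1. Associate each imported file with a name (verify with 'show ssl associate')
ssl associate rsakey LabKey labkey.pem
ssl associate cert LabCert labcert.pem
ssl associate rsakey ProdKey prodkey.pem
ssl associate cert ProdCert prodcert.pem

! 2. One proxy list, one ssl-server per certificate/key pair
ssl-proxy-list ssl_list1
  ssl-server 1
  ssl-server 1 vip address 192.0.2.10
  ssl-server 1 rsakey LabKey
  ssl-server 1 rsacert LabCert
  ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 10.0.0.10 80
  ssl-server 2
  ssl-server 2 vip address 192.0.2.20
  ssl-server 2 rsakey ProdKey
  ssl-server 2 rsacert ProdCert
  ssl-server 2 cipher rsa-with-3des-ede-cbc-sha 10.0.0.20 80
  active

! 3. Service that binds the proxy list to the SSL module in its slot
service ssl_serv1
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list ssl_list1
  active

! 4. Owner and one content rule per VIP, both pointing at the SSL service
owner ssl_owner
  content ssl_lab
    vip address 192.0.2.10
    protocol tcp
    port 443
    add service ssl_serv1
    active
  content ssl_prod
    vip address 192.0.2.20
    protocol tcp
    port 443
    add service ssl_serv1
    active
```

Copying the production private key onto the test CSS means the test device now holds production key material, so its management access and backups need the same protection as the production unit.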
Thanks Giles for the response. Can you guide me to some link which explains how to upload multiple certificates and associate them with a file?
The manual is a good start for documentation.
Can you please tell me in brief the steps?
As I understand:
load certificate, load key, create ssl proxy list, content rule, owner... Please can you let me know the order,
so I can load the other certificate on the test CSS and replicate the config from prod to the test CSS. In this way I have 2 certificates, one SSL module, multiple configurations. So it will work, am I right?
I was reading one of your replies in a forum regarding GSLB. Is GSLB only failover for servers? Well, in my post I asked about multiple certificates to be loaded on the CSS. A few days back we raised a question to our ISP to provide us BGP failover. They too mentioned GSLB, but I wasn't convinced. What we want:
ISP 1---site 1---css1-- Pri web servers
ISP 2---site 2---css2---sec web servers
As I understand, when the requests come to css1 (assuming GSLB is configured between css1 and css2) it acts like DNS and sends the traffic to the pri web servers. So there's some communication between css1 and the pri web servers, some kind of keepalive. For a request to come in to css1, my link with ISP 1 or the path to ISP 1 on the internet should be available. My question is: what if the link to ISP 1 fails, or ISP 1 is not available over the internet? How will the requests get routed via ISP 2 to css2 and then the sec web servers? What kind of intelligence will make it happen? BGP is implemented to do failover of ISPs; will GSLB help in doing the same?
GSLB works with DNS.
It lets the CSS (or, preferably, a GSS - Global Site Selector) respond to DNS queries.
The GSS or CSS uses keepalive to see which site is available before responding.
2 DNS entries would be configured in the upstream DNS server so that if one site is not available, the DNS request can be sent to the other site.
There are a few documents talking about GSLB on our website.
You should be able to find them.
Can you please let me know more? But does that mean, if the link with one ISP or the ISP itself is not reachable on the internet, how will the packet get routed over to the other site? Can you please let me know how it works with GSLB? Where will the upstream DNS reside? I need to understand how the packet will be routed over the internet to the other site if the primary ISP is not available. As a customer, what do I need to do, and at the ISP level what needs to be done?