Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL Certificate Question

Hi, I have a question. I have 2 CSS11501 to load balance 2 SSL Web Server(https) where I just simply load balance SSL traffic without terminating SSL traffic inside CSS(no SSL module). I am going to request 2 SSL certificates from CA where "host" of subject in certificate is not domain name but is IP address. Normally people will use domain name such as abc.com to submit their signing request of certificate to CA, but in my case where I not using domain name in my network, thus I will use IP address to submit the signing request of certificate to CA. My question is the IP address of the "host" of certificate for submitting certificate signing request have to be virtual IP of content rule or the real IP address of each server respectively?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SSL Certificate Question

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

2 REPLIES
Cisco Employee

Re: SSL Certificate Question

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

New Member

Re: SSL Certificate Question

Thanks qdufour for your quick answer and help. Your answer make sense and I will try it out.

152
Views
0
Helpful
2
Replies
CreatePlease to create content