
SSL configuration question

Gomez
Level 1

Hi,

Can I assign multiple certificates to the same VIP and virtual server? How will the content switch select the right certificate? Suppose I have two web servers, http://www.webserver1.org and http://www.webserver2.org. I only have one public IP address available for use, and I want to add SSL security on the content switch. Can I use one VIP and assign multiple rsakeys and rsacerts to the same VIP? How will the content switch select the right certificate? If I type https://www.webserver1.org, I want to receive the right certificate.

For the moment I use different VIPs per SSL certificate, but we are running out of publicly available VIPs.

Kind regards,

Frederik De Muyter.

3 Replies

Gomez
Level 1

For example, in Apache it's also not possible to do SSL on name-based virtual hosts, so I think the content switch will also not support it.

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

RODRGUTI
Level 1

Hello Frederik,

No, you cannot assign multiple certificates to the same VIP.

The problem is that you will have one content rule listening on port 443, but if you try to create 2 ssl-servers with the same VIP and port, the CSS won't allow you to activate it, because you cannot have 2 ssl-servers with the same VIP and port configured.

The trick here would be to use one domain working on normal https/443, and the other domain on https but on port 444 for example.

You will have 2 content rules with the same vip but with different ports, one listening on port 443, and the other one 444.

Now, you can have 2 ssl-servers on your ssl-proxy-list, with the same vip address, but with different ports.

With this setup the CSS is going to be able to use the specific cert for each domain.

Hope this helps.

- Rodrigo
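
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads ssl-proxy-list lines and flags any vip:port pair claimed by more than one ssl-server, which is the condition described in the reply above. The sample configuration, the 192.0.2.10 address, the "ssl-server N port P" line form and the default port of 443 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two ssl-servers sharing one VIP. Names, address and
# the "ssl-server N port P" line are illustrative assumptions.
SAME_PORT = """\
ssl-proxy-list example
  ssl-server 1 rsacert webserver1.pem
  ssl-server 1 vip address 192.0.2.10
  ssl-server 2 rsacert webserver2.pem
  ssl-server 2 vip address 192.0.2.10
"""
SPLIT_PORTS = SAME_PORT + "  ssl-server 2 port 444\n"

LINE = re.compile(r"^\s*ssl-server\s+(\d+)\s+(rsacert|vip address|port)\s+(\S+)")

def parse_ssl_servers(config):
    """Return {server_number: {"vip": ..., "port": ..., "cert": ...}}."""
    # Assumption: an ssl-server with no explicit port listens on 443.
    servers = defaultdict(lambda: {"vip": None, "port": 443, "cert": None})
    for line in config.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other ssl-server options are ignored here
        num, key, value = int(m.group(1)), m.group(2), m.group(3)
        if key == "vip address":
            servers[num]["vip"] = value
        elif key == "port":
            servers[num]["port"] = int(value)
        else:
            servers[num]["cert"] = value
    return dict(servers)

def listener_conflicts(config):
    """List (vip, port, [server numbers]) where more than one ssl-server
    claims the same listener, i.e. more than one certificate per vip:port."""
    by_listener = defaultdict(list)
    for num, s in parse_ssl_servers(config).items():
        if s["vip"] is not None:
            by_listener[(s["vip"], s["port"])].append(num)
    return [(vip, port, sorted(nums))
            for (vip, port), nums in sorted(by_listener.items())
            if len(nums) > 1]

if __name__ == "__main__":
    for name, cfg in (("same port", SAME_PORT), ("split ports", SPLIT_PORTS)):
        print(name, "->", listener_conflicts(cfg) or "no conflicts")
```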

Hi Rodrigo,

Thank you for the help. I have another question regarding SSL Certificates.

Suppose I have the following proxylist.

ssl-proxy-list
  ssl-server 9 rsacert ecms.railaccess.be.pem
  ssl-server 9 rsakey ecms.railaccess.be.rsa
  ssl-server 9 vip address 195.177.246.58
  ssl-server 9 cipher rsa-with-rc4-128-sha 195.177.246.58 52994

content railaccess.be
  vip address 195.177.246.54
  protocol tcp
  add service ssl_portal
  port 443
  active

content railaccess.be-redirect
  vip address 195.177.246.54
  redirect "https://www.railaccess.be"
  protocol tcp
  port 80
  url "//www.railaccess.be/*"
  active

content railaccess.be.backend
  vip address 195.177.246.54
  protocol tcp
  port 52994
  url "//www.railaccess.be/*"
  redundant-index 146
  add service proatriu0po21a0_railaccess
  add service problock0po22a0_railaccess
  active

I would like to create a new content rule that uses the same certificate but redirects to another server in the backend.

For example, the URL "www.railaccess.be/tracking" should redirect to 2 other services, on port 80 for example.

How can I do this? Create a new SSL-server in the proxy-list that redirects to another port?

Kind regards, and thanks for the help on the previous question.
