Community Member

SSL Redundancy?

I have two CSMs and two SSL Modules in separate chassis. The CSMs are in FT mode and I want to load balance against the two SSL modules. Do I need to purchase a certificate for both SSL modules for every service? If not, how do I install the cert for a given service on both modules?

1 ACCEPTED SOLUTION

Cisco Employee

Re: SSL Redundancy?

Depends how you created your key.

If you did it on the SSLM itself, and if you specified the keyword 'exportable', you should be able to export the key with the command 'crypto ca export ...'

See more info in the 2 links below.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008037d1c8.shtml

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008037d193.shtml

As a general remark, I always recommend generating keys, certificates and CSR on a separate machine [like a Linux server]. It's then easier to import all the info to all your modules.

Regards,

Gilles.
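
The recommendation above (create the key and CSR on a separate Linux machine, then import the same material into every module), as an added example that is not part of the original thread. It uses standard OpenSSL commands; the file names, subject and passphrase are constructed placeholders, and the self-signing step in `demo` stands in for the CA so the example runs offline. Before building the PKCS#12 bundle it confirms that the certificate was issued for the key being bundled.

```shell
#!/bin/sh
# Added example: off-box key/CSR generation and a cert-to-key match check.

# SHA-256 digest of the public key held in a private key file.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 digest of the public key embedded in a certificate.
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate carries this key's public half.
cert_matches_key() {  # $1 = key file, $2 = certificate file
    k=$(key_pub_digest "$1") && c=$(cert_pub_digest "$2") && [ "$k" = "$c" ]
}

# Create the private key (owner-readable only) and the CSR to send to the CA.
make_key_and_csr() {  # $1 = base name, $2 = subject
    ( umask 077; openssl genrsa -out "$1.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$1.key" -subj "$2" -out "$1.csr"
}

# Bundle key + issued certificate into one PKCS#12 file for every module.
make_bundle() {  # $1 = base name, $2 = file holding the passphrase
    cert_matches_key "$1.key" "$1.crt" || { echo "cert/key mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
        -out "$1.p12" -passout "file:$2"
}

# Full flow in a temporary directory; prints the path of the bundle.
demo() {
    d=$(mktemp -d) || return 1
    make_key_and_csr "$d/vip" "/CN=www.example.test" || return 1
    # Stand-in for the CA: self-sign the CSR (constructed, test use only).
    openssl x509 -req -in "$d/vip.csr" -signkey "$d/vip.key" -days 1 \
        -out "$d/vip.crt" 2>/dev/null || return 1
    ( umask 077; printf '%s\n' 'constructed-passphrase' > "$d/pass" )
    make_bundle "$d/vip" "$d/pass" && echo "$d/vip.p12"
}
```

The `.key` and `.p12` files carry the private key, so move them over a protected channel and delete the working copies once every module has imported them.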


4 REPLIES
Cisco Employee

Re: SSL Redundancy?

The fact that you have 2 SSL modules does not matter.

Simply add your certificate to each module separately even if this is the same certificate.

Gilles.

Community Member

Re: SSL Redundancy?

Thank you.

Is there any chance you could tell me how to go about doing this? I get the following message when I try adding the cert: "Certificate does not contain router's General Purpose public key for trust point test-tp". I'm guessing I need to copy the keys from the 1st SSL mod but can't find the process.

Community Member

Re: SSL Redundancy?

Thanks. I finally did figure it out, but as usual with the CSM/SSL mods, never did find the docs. I will file these for future use.
