12-07-2006 07:55 AM
Hi,
We have a number of SSL servers defined in a ssl-proxy-list on a CSS 11501 running 7.50.1.03. The ssl-proxy list is used in a HTTPS termination service.
When we want to add another SSL server to the ssl-proxy-list, I have to suspend the list, add the new SSL server and then activate the list. Even though the interruption is short, these steps make the current SSL server unavailable during the process. Is there a way to make the change without affecting availability of the existing servers?
Also, if we are using box-to-box redundancy, would there be away to solve the above problem (unless there is an easier solution)?
Thanks in advance for your help!
Regards,
Harald
12-13-2006 07:31 AM
If your using box to box, make the change in the backup. Then force the backup to master (some flows will be lost) (force master command) finnaly change the config in the new backup
12-20-2006 03:43 AM
I agree with diro. This is how we do on our gears. Do it on the backup and then trigger a failover, do it on the other box now.
There is one more way. Try constructing a new proxy-list in parallel to the existing one. Yes you can have multiple proxy-lists (256?) but only one can be active. When ready suspend current proxy-list, remove it from the ssl-mod-service as well and add the new one.
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide