Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Wild Card Cert

Is there a way to use a wild card cert in the CSS SSL Proxy list ?

Looks like you can request a cert such as ABC*.xyz.com from Verisighn.

Can you use that in a CSS for URLS like

ABC1.xyz.com

ABC2.xyz.com

ABC3.xyz.com

and only use one VIP ?

Thanks

Steve

2 REPLIES
Silver

Re: Wild Card Cert

Yes it is possible to use the Wild card cert in the CSS SSL. You would need to use a wild card cert (for both domains) and/or limit the site to only one domain...and have the CSS send the client a 302 redirect if the other domain was used.

Cisco Employee

Re: Wild Card Cert

the domain will be used to get a destination ip address.

So, the CSS does not really control the domain<->ip resolution.

If you can configure your DNS server to point all domains to 1 ip, then you only need 1 vip on the CSS.

However, if you have 1 ip for each domain, you will need the 1 vip per domain on the CSS.

I know working with a single vip sounds easier, but this could be a big limitation for you in the future.

If your number of domain increases or if the traffic load increases, the CSS performance could slow down as it will require to inspect all data to identify the domain name.

Playing with more vip will allow you to identify the domain with just the ip and increase performance.

Regards,

Gilles.

Thanks for rating this answer.

268
Views
0
Helpful
2
Replies
CreatePlease to create content