cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
515
Views
0
Helpful
2
Replies

Wild Card Cert

STEVE FLIS
Level 1
Level 1

Is there a way to use a wild card cert in the CSS SSL Proxy list ?

Looks like you can request a cert such as ABC*.xyz.com from Verisighn.

Can you use that in a CSS for URLS like

ABC1.xyz.com

ABC2.xyz.com

ABC3.xyz.com

and only use one VIP ?

Thanks

Steve

2 Replies 2

smahbub
Level 6
Level 6

Yes it is possible to use the Wild card cert in the CSS SSL. You would need to use a wild card cert (for both domains) and/or limit the site to only one domain...and have the CSS send the client a 302 redirect if the other domain was used.

Gilles Dufour
Cisco Employee
Cisco Employee

the domain will be used to get a destination ip address.

So, the CSS does not really control the domain<->ip resolution.

If you can configure your DNS server to point all domains to 1 ip, then you only need 1 vip on the CSS.

However, if you have 1 ip for each domain, you will need the 1 vip per domain on the CSS.

I know working with a single vip sounds easier, but this could be a big limitation for you in the future.

If your number of domain increases or if the traffic load increases, the CSS performance could slow down as it will require to inspect all data to identify the domain name.

Playing with more vip will allow you to identify the domain with just the ip and increase performance.

Regards,

Gilles.

Thanks for rating this answer.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: