Chapter 6 Configuring SSL Initiation
Overview of SSL Initiation
6-2
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Use this feature for secure site-to-site data transfers. SSL initiation allows you to
send clear text within a site for maximum speed, while sending encrypted text
through the Internet between sites or to an SSL server for maximum security. For
each SSL server or CSS to which you want to establish an SSL connection from
a clear-text connection, you must configure an SSL initiation service on the CSS
that maps to that SSL server or CSS. This service uses an SSL proxy list to
properly direct the flows within the CSS.
Figure 6-1 illustrates a single SSL initiation flow with an SSL server.
Figure 6-1 SSL Initiation with an SSL Server
Figure 6-2 illustrates an SSL initiation flow with another CSS configured with
SSL termination. In this case, the second CSS acts as a virtual front-end SSL
server.
Figure 6-2 SSL Initiation with a Second CSS Running SSL Termination
An SSL proxy list determines the flow of SSL information among the client, SSL
module, and the SSL server. An SSL proxy list comprises one or more back-end
SSL servers (virtual servers that you create on the CSS SSL module) related by
index entry. An SSL module in the CSS uses the back-end SSL server to initiate
the connection to an SSL server. You can define a maximum of 256 back-end SSL
servers in a single SSL proxy list.
[Figure 6-1 diagram labels: Client, CSS with SSL Initiation, Internet, SSL server; links marked "Clear text" and "Encrypted data"]
[Figure 6-2 diagram labels: Site 1 with Client A and CSS A with SSL Initiation, Site 2 with Client B and CSS B with SSL Termination, Internet; links marked "Clear text" and "Encrypted data"]