6-23
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 6 Configuring SSL Initiation
Activating and Suspending an SSL Proxy List
Activating and Suspending an SSL Proxy List
Before you can activate an SSL proxy list, ensure that you have created at least
one back-end SSL server configured as type initiation in the list. See the
“Configuring Back-End SSL Servers in an SSL Initiation Proxy List” section.
The CSS checks the SSL proxy list to verify that all of the necessary components
are configured, including verification of the certificate and key pair against each
other. If the verification fails, the certificate name is not accepted and the CSS
logs the error message
Certificate and key pair do not match and does not
activate the SSL proxy list. You must either remove the configured key pair or
configure a valid certificate.
Use the active command to activate the new or modified SSL proxy list. For
example, enter:
(config-ssl-proxy-list[ssl_list1])# active
After you activate an SSL proxy list, you can add it to a service. See the
“Configuring a Service for SSL Initiation” section.
Note No modifications to an SSL proxy list are permitted on an active list. Suspend the
list prior to making changes, and then reactivate the SSL proxy list once the
changes are complete. Once you have modified the SSL proxy list, suspend the
SSL service, reactivate the SSL proxy list, and then reactivate the SSL service to
apply the changes.
To display the back-end SSL servers configured in a proxy list, use the show
ssl-proxy-list command (see Chapter 7, Displaying SSL Configuration
Information and Statistics).
Use the suspend command to suspend an active SSL proxy list.
To suspend an active SSL proxy list, enter:
(config-ssl-proxy-list[ssl_list1])# suspend
To Next Page
Loading...
Need help?
General
