Chapter 2 SSL Configuration Quick Starts
2-14
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
7. Create an SSL content rule.
(config)# owner ssl_owner
Create owner <ssl_owner>, [y/n]: y
(config-owner[ssl_owner])# content ssl_rule1
Create content <ssl_rule1>, [y/n]: y
8. Configure a VIP address or domain name for the content rule. Ensure that
the VIP address is the same as the address specified in the SSL proxy list.
(config-owner-content[ssl-rule1]# vip address 192.168.3.6
9. Specify a TCP port number for the content rule. Ensure the port number is
the same as the port specified in the SSL proxy list.
(config-owner-content[ssl-rule1]# port 444
10. If you are using two or more SSL modules and want to use stickiness based
on SSL version 3 session ID for a Layer 5 content rule, specify the following
parameters in the content rule to take advantage of the SSL session ID
reuse:
• Enter the application ssl command to specify the SSL application type.
(config-owner-content[ssl-rule1])# application ssl
• Enter the advanced-balance ssl command to enable the content rule to
be sticky based on SSL.
(config-owner-content[ssl-rule1])# advanced-balance ssl
11. Add the SSL service to the content rule.
(config-owner-content[ssl_rule1])# add service ssl_serv1
12. Activate the content rule.
(config-owner-content[ssl_rule1])# active
13. Save your configuration changes to the running configuration.
# copy running-config startup-config
14. Continue to Table 2-7 if your configuration includes back-end SSL or
Table 2-8 if your configuration includes SSL initiation.
Table 2-6 SSL Server Service and Content Rule Quick Start (continued)
Task and Command Example