Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-6
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Creating an SSL Server Index
You must create a virtual SSL server before you can configure SSL proxy list
parameters. To identify SSL-specific parameters for the SSL proxy list, use the
ssl-server number command. This command creates a number (index entry) in the
SSL proxy list that you use to configure specific SSL parameters associated with
the virtual SSL server (for example, VIP address, certificate name, and key pair).
Enter an integer from 1 to 256.
For example, to specify virtual SSL server 20, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20
To remove the virtual SSL server from the SSL proxy list, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20
Specifying a Virtual IP Address
The SSL module uses this VIP address as the means to know which traffic it
should accept. Ensure that the VIP address matches a VIP address configured in
a content rule. Use the ssl-server number vip address ip_or_host command to
specify a virtual IP (VIP) address. Enter a VIP address for the virtual SSL server
that corresponds to an SSL content rule. See the “Configuring a Content Rule for
SSL Termination” section.
Enter a valid VIP address in either dotted-decimal IP notation (for example,
192.168.11.1) or mnemonic host-name format (for example,
myhost.mydomain.com).
Note When you use the mnemonic host name format for the VIP address, the CSS uses
its Domain Name Service (DNS) facility to translates host names such as
myhost.mydomain.com to IP addresses such as 192.168.11.1. If the host name
cannot be resolved, the VIP address setting is not accepted and an error message
appears indicating host resolution failure. For details on configuring a Domain
Name Service, refer to the Cisco Content Services Switch Global Server
Load-Balancing Configuration Guide.
To Next Page
Loading...
Need help?
General
