Creating An Ssl Proxy List; Figure 4-1 Ssl Termination; Chapter 4 Configuring Ssl Termination - Cisco 11503 - CSS Content Services Switch Configuration Manual

Chapter 4 Configuring SSL Termination

Creating an SSL Proxy List

Figure 4-1 illustrates an SSL connection between a client and a CSS configured
with an SSL module acting as an SSL server.
Figure 4-1 SSL Termination
Encrypted data Clear text
HTTP server
CSS with
Client
SSL Termination
An SSL proxy list determines the flow of SSL information between the SSL
module, the client, and the server. An SSL proxy list comprises one or more
virtual SSL servers (related by index entry). An SSL module in the CSS uses the
virtual SSL servers to properly process and terminate SSL communications
between the client and the server. You can define a maximum of 256 virtual SSL
servers for a single SSL proxy list.
After you create and configure the entries in a proxy list, you must activate the
list, and then add the SSL proxy list to a service to initiate the transfer of SSL
configuration data to the SSL module. When you activate the service, the CSS
transfers the data to the module. Then you can add each SSL service to an SSL
content rule.
Creating an SSL Proxy List
An SSL proxy list is a group of related virtual SSL servers that are associated with
an SSL service. To create an SSL proxy list, use the ssl-proxy-list command.
You can access the ssl-proxy-list configuration mode from most configuration
modes except for ACL, boot, group, rmon, or owner configuration modes. You can
also use this command from the ssl-proxy-list configuration mode to access
another SSL proxy list. Enter the SSL proxy list name as an unquoted text string
from 1 to 31 characters.
For example, to create the SSL proxy list, ssl_list1, enter:
(config)# ssl-proxy-list ssl_list1
Create ssl-list <ssl_list1>, [y/n]: y
Cisco Content Services Switch SSL Configuration Guide
4-2
OL-5655-01