Figure 6-2 Ssl Initiation With A Second Css Running Ssl Termination - Cisco 11503 - CSS Content Services Switch Configuration Manual

Overview of SSL Initiation
Figure 6-2 SSL Initiation with a Second CSS Running SSL Termination
Clear
text
Site 1
Client A
CSS A with
SSL Initiation
Cisco Content Services Switch SSL Configuration Guide
6-2
Use this feature for secure site-to-site data transfers. SSL initiation allows you to
send clear text within a site for maximum speed, while sending encrypted text
through the Internet between sites or to an SSL server for maximum security. For
each SSL server or CSS to which you want to establish an SSL connection from
a clear-text connection, you must configure an SSL initiation service on the CSS
that maps to that SSL server or CSS. This service uses an SSL proxy list to
properly direct the flows within the CSS.
Figure 6-1 illustrates a single SSL initiation flow with an SSL server.
Figure 6-1 SSL Initiation with an SSL Server
Clear text
CSS with
Client
SSL Initiation
Figure 6-2 illustrates an SSL initiation flow with another CSS configured with
SSL termination. In this case, the second CSS acts as a virtual front-end SSL
server.
Encrypted
Internet
data
An SSL proxy list determines the flow of SSL information among the client, SSL
module, and the SSL server. An SSL proxy list comprises one or more back-end
SSL servers (virtual servers that you create on the CSS SSL module) related by
index entry. An SSL module in the CSS uses the back-end SSL server to initiate
the connection to an SSL server. You can define a maximum of 256 back-end SSL
servers in a single SSL proxy list.
Chapter 6
Encrypted
Internet
data
Encrypted Clear
data
Site 2
CSS B with
SSL Termination
Configuring SSL Initiation
Encrypted
data
SSL server
text
Client B
OL-5655-01