Ssl Termination - Cisco 11503 - CSS Content Services Switch Configuration Manual

Overview of the SSL Module Functions in the CSS

SSL Termination

Cisco Content Services Switch SSL Configuration Guide
1-8
No network traffic is sent to an SSL module from the SCM until an SSL content
rule is activated to:
Define where the content physically resides
•
Specify where to direct the request for content (which service)
•
Specify which load-balancing method to use
•
An SSL proxy list determines the flow of information to and from an SSL module.
An entry in the proxy list defines the flow from a client to an SSL module. An
entry also defines a flow from an SSL module to a back-end SSL server. To define
how an SSL module processes SSL requests for content, add an SSL proxy list to
an SSL service. For more detailed information on the SSL module functions, see
the "Processing of SSL Flows by the SSL Module"
Examples of CSS SSL
The SSL module provides the following major SSL features:
SSL Termination
•
Client Authentication
•
Back-End SSL
•
SSL Initiation
•
When you create an entry in a proxy list to define the flow between an SSL
module and a client, the module operates as a virtual SSL server by adding
security services between a web browser (the client) and the HTTP connection
(the server). All inbound SSL flows from a client terminate at an SSL module in
the CSS.
Once the connection is terminated, the SSL module decrypts the data and sends
the data as clear text to the CSS for a decision on load balancing. The CSS
transmits the data as clear text to an HTTP server. For more information about
SSL termination in the CSS, see
Configurations.
Chapter 4, Configuring SSL
Chapter 1 Overview of CSS SSL
section in Chapter 8,
Termination.
OL-5655-01