Real Server Ip Addresses; Keys; Certificates; Step-Up Certificates And Server-Gated Cryptography - Cisco CSS11501 - 100Mbps Ethernet Load Balancing Device Configuration Manual

Appendix F SSL Introduction

Real Server IP Addresses

Keys

Certificates

Step-Up Certificates and Server-Gated Cryptography

Note
78-13124-05
Each SSL server is associated with a specific IP address and TCP port. The
address and TCP port are unique and may not be used for more than one SSL
server on a single SSL device.
A single key can be used with each an individual SSL server. You can load
multiple keys into the device; however, only one can be used with each SSL
server. Keys can be imported from DER- and PEM-encoded X509-format key
files, IIS4 backup key-format (NET-IIS), and PKCS#12 files.
A certificate is loaded into the device to be used as either a single certificate or
part of a certificate group. Only one certificate or certificate group can be used
with each server. Certificates can be imported from DER- and PEM-encoded
X.509 files, IIS4 backup format (NET-IIS), PKCS#12 files, and PCKS#7
certificate groups.
Cisco Secure Content Accelerator devices support both Netscape International
Step-Up Certificates and Microsoft Server-Gated Cryptography. No special
configuration is needed for the device to function properly with these certificates.
Load the certificate normally.
You must specify that your certificate will work with both Microsoft
and Netscape browsers when requesting it from the CA. Otherwise,
the server cannot support both browsers.
Cisco 11000 Series Secure Content Accelerator Configuration Guide
Cisco SSL Configuration Components
F-9