Configuring a Service for SSL Termination
Activating the SSL Service
Cisco Content Services Switch SSL Configuration Guide
If you specify 0 as the SSL session cache size, the SSL module associated with
the SSL service does not cache any SSL session IDs. If you choose to disable the
SSL session cache, ensure that the following parameters are also configured to
disable the use of SSL session IDs:
• Set the ssl-server number session-cache timeout setting in the SSL proxy list
  to 0 (disabled) for a virtual SSL server.
• Disable the advanced-balance ssl command in the content rule to disable
  SSL sticky.
For example, to specify an SSL session cache size of 20000 sessions, enter:
(config-service[ssl_serv1])# session-cache-size 20000
To reset the SSL session cache size to the default of 10000 sessions, enter:
(config-service[ssl_serv1])# no session-cache-size
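The following added example (not part of the Cisco guide) is a small Python check that finds services with session-cache-size 0 whose proxy list or content rule still relies on SSL session IDs. The sample configuration is constructed; its running-config style layout and the "ssl-server number session-cache 0" spelling of the timeout setting are assumptions, and a virtual SSL server with no explicit timeout of 0 is treated as not disabled.

```python
import re

# Constructed sample; the running-config style layout is an assumption.
SAMPLE = """\
ssl-proxy-list ssl_list1
  ssl-server 20 session-cache 0
  ssl-server 21 vip address 192.0.2.10
service ssl_serv1
  type ssl-accel
  add ssl-proxy-list ssl_list1
  session-cache-size 0
service ssl_serv2
  type ssl-accel
  add ssl-proxy-list ssl_list1
  session-cache-size 20000
owner example_owner
  content ssl_rule1
    add service ssl_serv1
    advanced-balance ssl
"""

def parse(text):
    """Return {(kind, name): [stripped body lines]} for each config block."""
    blocks, body = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and comment lines
            continue
        if not raw[0].isspace() or line.startswith("content "):
            kind, _, name = line.partition(" ")
            body = blocks.setdefault((kind, name), [])
        elif body is not None:
            body.append(line)
    return blocks

def audit(text):
    """Findings for services with session-cache-size 0 that still use session IDs."""
    blocks, out = parse(text), []
    for (kind, svc), body in blocks.items():
        if kind != "service" or "session-cache-size 0" not in body:
            continue
        for name in (l.split()[-1] for l in body if l.startswith("add ssl-proxy-list ")):
            plist = blocks.get(("ssl-proxy-list", name), [])
            servers = {m.group(1) for l in plist if (m := re.match(r"ssl-server (\d+)\b", l))}
            off = {m.group(1) for l in plist
                   if (m := re.fullmatch(r"ssl-server (\d+) session-cache 0", l))}
            out += [(svc, f"{name}: ssl-server {n} timeout not 0") for n in sorted(servers - off)]
        out += [(svc, f"{rule}: advanced-balance ssl") for (k, rule), rb in blocks.items()
                if k == "content" and f"add service {svc}" in rb and "advanced-balance ssl" in rb]
    return out
```

Calling audit(SAMPLE) reports ssl_serv1 twice (virtual SSL server 21 and content rule ssl_rule1) and nothing for ssl_serv2, whose cache is enabled.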
Once you configure an SSL proxy list service, use the active command to activate
the service. Activating a service puts it into the resource pool for load-balancing
SSL content requests between the client and the server.
Before activating an SSL service:
• For a virtual SSL server, you must add an SSL proxy list to an ssl-accel type
  service before you can activate the service. If no list is configured when you
  enter the active command, the CSS logs the following error message and does
  not activate the service.

  Must add at least one ssl-proxy-list to an ssl-accel type service

• For a back-end SSL server, you must add an SSL proxy list to an
  ssl-accel-backend type service before you can activate the service. If no list
  is configured when you enter the active command, the CSS logs the following
  error message and does not activate the service.

  Must add at least one ssl-proxy-list to an ssl-accel type service

• The SSL proxy list added to the service must be active before you can activate
  the service. If the list is suspended, the CSS logs the following error message
  and does not activate the service.

  No ssl-lists on service, service not activated
Chapter 4
Configuring SSL Termination
OL-5655-01