Chapter 6
Configuring SSL Initiation
Note
Configuring the SSL Initiation Service Keepalive Type
Note
OL-5655-01
The CSS supports multiple active SSL services of type ssl-init for each SSL
module in the CSS.
For example, to identify an SSL module in slot 3 of the CSS chassis, enter:
(config-service[ssl_serv1])# slot 3
A service of type ssl-init supports the use of keepalives to periodically check the
health of the SSL server. The CSS sends the keepalives to the IP address
configured on the service. To configure a keepalive, use the keepalive type
command in service configuration mode. The syntax for this service configuration
mode command is:
(config-service[server1])# keepalive type type
For the type variable, enter one of the following keepalive types:
icmp - An ICMP echo message (ping). This is the default keepalive type.
•
none - Do not send keepalive messages to a service.
•
ssl - SSL HELLO keepalives for this service. Use this keepalive for all
•
back-end services supporting SSL. The CSS sends a client HELLO to connect
the SSL server. After the CSS receives a HELLO from the server, the CSS
closes the connection with a TCP RST.
•
tcp - A TCP session that determines service viability through a 3-way
handshake and reset; SYN, SYN-ACK, ACK, RST-ACK.
If you configure either the SSL or TCP keepalive type, you need to configure the
port used by the keepalive.
For more information about these and other CSS keepalives, refer to the Cisco
Content Services Switch Content Load-Balancing Configuration Guide.
Cisco Content Services Switch SSL Configuration Guide
Configuring a Service for SSL Initiation
6-27