Suspending The Ssl Service; Configuring A Content Rule For Ssl Termination - Cisco 11503 - CSS Content Services Switch Configuration Manual

Chapter 4 Configuring SSL Termination

Suspending the SSL Service

Configuring a Content Rule for SSL Termination

OL-5655-01
Once the service is ready to activate, the CSS initiates the transfer of appropriate
SSL configuration data for each SSL proxy list to a specific SSL module and
activates the service. If there is an error in transfer, the CSS logs the appropriate
error and does not activate the service.
No modifications may be made to an active SSL proxy list. If modifications are
necessary, first suspend the ssl service to make changes to the SSL proxy list
entries.
To activate service ssl_serv1, enter:
(config-service[ssl_serv1])# active
To suspend an SSL service and remove it from the pool for future load-balancing
SSL content requests, use the suspend command. Suspending an SSL service
does not affect existing content flows, but it prevents additional connections from
accessing the service for its content.
You must suspend a service prior to modifying an SSL proxy list.
To suspend service ssl_serv1, enter:
(config-service[ssl_serv1])# suspend
For the CSS to direct SSL requests for content, apply the virtual services to
content rules. No network traffic is sent to an SSL module until you activate an
SSL content rule to define where the content physically resides, where to direct
the request for content (which SSL service), and which load-balancing method to
use.
For a virtual SSL server content rule, ensure that the VIP address and port number
configured for the rule match the VIP address and port number for the server entry
in the SSL proxy list.
Configuring a Content Rule for SSL Termination
Cisco Content Services Switch SSL Configuration Guide
4-53