CSS 11150 and SSL module function

Hi, Pro:
There is any way I could find what ssl module could be used on CSS11150?
Thanks,

there is none.
The css111xx and css110xx are not modular so you can't add or remove anything from it.
You will need a CSS115xx.
Regards,
Gilles.

Similar Messages

  • CSS 115xx and SSL module.

    Good day, I have a general question on the SSL module. Currently we have a pair of CSS's handeling our external site web sites. We are starting to run out of external IP addresses, If we installed the SSL module and terminated the Certificates on the CSS would we be able to read the ssl header and utilize 1 ip for multiple ssl sites?
    thx
    -Rich

    Check the URL: Overview of CSS SSL:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/ssl/guide/overview.html
    Examples of CSS SSL Configurations:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html

  • Commit_redundancy script and SSL modules

    I have a number of redundant pairs of 11500s with SSL modules in. When trying to sync the config using the commit_redundancy script it fails at the verification stage. Manually comparing the two running configs it appears that all the config is being replicated except that relating to the SSL config.
    Is this a known 'problem' and is there a quicker solution than manually copying the config? - it's a rather laborious task :(

    I have problems with the commit redundancy script as well, so I do it by hand. I'm currently working on compressing the script to be totally automatic and simple....but need to play with the replace_text function.
    For the most part, here is my procedure
    ftp the config to workstation
    modify the config
    ftp the config back to primary css
    now the next 2 commands I borrowed from the commit script
    @rcmd ${backupIp} "rcmd ${MASTER_IP} 'show script tmp.cfg' 20 newconfig" 20
    @rcmd ${backupIp} "arc scr newconfig startup-config;arc start old-config;rest startup-config start" 20
    issuing these 2 commands from the primary css will copy the file tmp.cfg in the script directory to startup-config on the backup css
    you can then choose to reload the backup, copy startup to runn, etc....on the backup to make the new config active
    Hope this helps

  • CSS with single SSL module.. balance option needed?

    Hi all,
    Quick question. If you have a CSS 11503 with one SSL offload module installed.. is there any point in using the "application ssl" and "advanced-balance ssl" options in the content rule? I can't find any info that tells me for sure but I'm guessing that these options can be used to balance between multiple ssl modules and provide stickiness to the modules etc.. but doesn't have any effect on the traffic distribution and stickiness to the backend server services?
    For example if I have a L5 content rule like the one below and only one SSL module, should i remove the "application ssl" and "advanced-balance ssl" options and just use the port 80 content rule which the ssl proxy lists offloads traffic too and apply the "advanced-balance sticky-srcip-dstport" and "balance leastconn" there ?
      content DEVCOM_TCP443_L5
        vip address x.x.x.x
        application ssl
        advanced-balance ssl
        protocol tcp
        port 443
        url "//dev.subdomain.domain.com/*"
        add service ssl_module1
        active
    I have read various forum postings and i read the CSS SSL config guide but the examples all seem to differ in their implementation.
    Many thanks
    Scott

    You're correct.
    There is no need to specify the application type as ssl and the advanced-balance method when using a single ssl module.
    Gilles.

  • CSS 11501 and SSL

    Hi,
    I have a few questions regarding the CSS and SSL certificates.
    I have 2 CSS 11501 and 3 web servers, how many SSL certificates do I need?
    I want to configure the CSS as active - active, is this supported using the SSL accelleration module? If it is, is it configured the same way as a standalone CSS. The documentation only mentions configurations using single module and 2 modules in the same CSS.
    And a clarificacion: Does the term Backend in the CSS SSL config refer to servers on a different subnet (in our case physically separated). Our config is 2 FW -> 2 CSS -> 3 Web servers -> 2 backend FW -> 6 Backend servers (app and DB). Am I correct in assuming that Backend refer to this backend? (This might seem like a silly question but the documentation has me confused)
    Any help is much appreciated.
    Thanks,
    Niels

    Niels,
    there is currently an ASK THE EXPERT event.
    Please join us if you have more questions.
    Regarding the certificate, you could just use one.
    Get 1 certificate for your VIP and upload it on both SSL module.
    However, you might have to get 2, because certificate providers usually say it's one per physical device.
    If you plan on doing SSL on the servers as well, you need 3 more certificates. Or you coul use a single certificate if this is allowed by the company that will give it to you.
    Backend refers to server behind the CSS.
    Like a firewall defines inside and outside interfaces, the CSS define the frontend and the backend.
    The frontend is the client side and the backend the server side.
    When you say active/active, what do you want to achieve exactly ?
    You can indeed have 2 Vip and one is active on CSS1 while the other is active on CSS2.
    However, if the CSS shares the same set of servers, you need to be careful that the return traffic from the server to the client goes back to the same server. This may require client nat (group config).
    Regards,
    Gilles.

  • HTTPS ans SSL with CSS (No SSL Module)

    Hi,
    My customers have two server and need to load balance.
    These servers initiate SSL.
    and VIP address is :
    https://erpappl.erp.mis.blabla.tgc:8005
    My CSS has no ssl module. An dconfiguration is:
    service venice
    ip address 10.200.104.32
    protocol tcp
    port 8005
    keepalive type tcp
    keepalive port 8005
    redundant-index 120
    active
    service calgary
    ip address 10.200.104.33
    protocol tcp
    port 8005
    keepalive type tcp
    keepalive port 8005
    redundant-index 121
    active
    owner ERPAPPL
    content erpapp_test
    add service venice
    add service calgary
    redundant-index 60
    vip address 10.200.104.28
    protocol tcp
    port 8005
    url "/*"
    arrowpoint-cookie expiration 00:00:03:00
    advanced-balance arrowpoint-cookie
    application ssl
    active
    After this configuration I cannot reach the URL shown above.
    Can you help me?

    if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.
    So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].
    If we sell an SSL module, there is a reason :-)
    The only sticky option you can use are :
    - sticky based on srcip
    - sticky on sslid
    The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.
    Gilles.

  • CSS 11503 SSL Module: .pfx file export to sftp

    Hello
    I wanted to know of there was a way to export the .pfx files off of the SSL Module to an SFTP server.....preferably in bulk not one at a time.  I want a central storage location for these files in the event that the CSS or the SSL module crashes.
    Thanks

    Hi Jay,
    Sure you can export the .pfx files out of the CSS but you need to do this one by one, there is no way you can get them out all at once.
    To export the files you first need to define your SFTP server IP address, username and passwd:
    CSS(config)# ftp-record SFTP_Server 10.10.10.1 username "password"
    Once you have the file name you need to enter this command:
    CSS# copy ssl sftp SFTP_Server export Certificate.pfx PKCS12 "passphrase" "password"
    : This is the password used to protect the file when it was created.
    : This is a local significant password on the CSS used when the file was
                imported into the box.
    * If you don't know these passwds you can't export the files out of the CSS.
    HTH
    Pablo

  • HTTPS Keepalive with the CSM & SSL Module

    Has anyone had any success getting a secured web page for a keepalive using the CSM with and SSL module. If so can post an example?
    Thank you,
    Dave

    Hi David,
    Here find some full config example for your perusal for CSM and SSL Services Module Initial Configuration Example
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080216c16.shtml
    2nd config example to Configuring CSM to Load Balance SSL to a Farm of SCAs for One-Armed Proxy Mode
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801aca55.shtml
    Sachin garg

  • CSS without SSL Module needing sticky sessions

    Hello All,
    If anyone can help with this sticky situation I'd appreciate it.
    I have a customer with a CSS11501. He does not have an SSL module installed.
    He has 2 blade servers, when he adds a web site, which is accessible over SSL, the CSS load balances client requests causing lost sessions, mostly lost pop-ups, it does not want stick to the same server.
    I've configured the following:-
    service web1
    protocol tcp
    port 443
    keepalive type tcp
    ip address 192.168.200.50
    string web1
    active
    service web2
    rotocol tcp
    port 443
    eepalive type tcp
    ip address 192.168.200.51
    string web2
    active
    content SSL_Web
    add service web1
    add service web2
    rotocol tcp
    port 443
    vip address 1.2.3.4
    application ssl
    advanced-balance sticky-srcip-dstport
    active
    group web_Farm
      add service web1
      add service web2
      vip address 1.2.3.4
      active
    I was attempting to get the client to stick to the server but unfortunately, this didn't work, the CSS seems to continue to send requests to both servers and they are getting scripting errors.
    Once the customer turns off the second blade, all is ok.
    I did try adding the string value to the service and configuring 'advanced-balance arrowpoint-cookie' in the content but the clients were unable to reach any web sites.
    Best Regards Tony

    Tony,
    The config looks fine other than the "application SSL" under the content rule, and right now you are probing the servers with a tcp probe on port 80. If you want the probe to be on port 443 you should add the command "keepalive port 443" to both of the services. The CSS will default to port 80 for a tcp probe.
    Regards
    Jim

  • Calling and executing a function module in the Portal iview development

    Hello Portal development gurus...
        I am very new to portal iview development and am learning a lot of stuff.. I now have a requirement to do the following:
      1. I need to use the NWDS to create java code in developing an iview
      2. I need to call and execute a function module and display the parameters pulled in from the function module onto a Jsp.
    3. I need to create an iview based on this deployed component.
    Could anybody please explain me how to do the coding on this front?
    I appreciate if anybody can share documentation about this kind of a development.
    As always, points galore for useful and helpful suggestions.
    Regards,
    ~~~LB

    Hi,
    Firstly Have you searched in SDN for the same, anyhow please go through the link to work on the requirement
    [/docs/DOC-8061#15|/docs/DOC-8061#15]
    Go through the thread which will talk in detail
    [https://forums.sdn.sap.com/click.jspa?searchID=19551584&messageID=6348955|https://forums.sdn.sap.com/click.jspa?searchID=19551584&messageID=6348955]
    Hope this helps.
    Cheers-
    Pramod

  • Guidence regarding creating  a test data and running any function module

    hi pals,
       can you plz tell me how to create a test data, commit and run any function module, in details(step wise) ??

    Hi yawmark,
    I appologise for including a poor code example ealier on, i had to come up with something quick. I will however, visit the sugeted sites you mentioned, thank you.
    I did however, create a simple class that compiles and can be used to set, return, reset and print a few details about a person. I hope that is of better use than my previous example. here it is:
    public class SimplePerson {
        int age = 0;
        String firstName = "";
        String lastName = "";
        /** Creates a new instance of SimplePerson */
        public SimplePerson() {
        /** Sets the age of this person */
        private void setAge(int takeAge){
            age = takeAge;
        /** Returns the age of this person */
        private int getAge(){
            return age;
        /** Sets the First Name of this person */
        private void setFirstName(String takeName){
            firstName = takeName;
        /** Returns the First Name of this person */
        private String getFirstName(){
            return firstName;
        /** Sets the Last Name of this person */
        private void setLastName(String takeName){
            firstName = takeName;
        /** Returns the Last Name of this person */
        private String getLastName(){
            return firstName;
        /** Resets the details of this person back to back to
         *  the default form.
        private void resetAll(){
            age = 0;
            firstName = "";
            lastName = "";
        /** Prints all the details this person has */
        private void printAll(){
            System.out.println("Age: " +Integer.toString(age)
                    + "\n First Name: " + firstName
                    + "\n Last Name: " + lastName );
    }Cheers mate

  • Parameters RCVPFC and SNDPFC in function module MASTERIDOC_CREATE_CLFMAS

    hi ,
    I am using the function module MASTERIDOC_CREATE_CLFMAS to trigger the idoc CLFMAS ,
    While exporting parameters to this function i need to pass RCVPFC(Partner function of receiver) and SNDPFC(Partner function of sender) but i cannot understand what to pass in these parameters.
    Can anybody tell me what are these parameters.
    thanks,
    loveena.

    have a look at this
    http://help.sap.com/saphelp_nw04/helpdata/en/13/95244269625633e10000000a155106/frameset.htm
    My R/3 Source System got in-Activate....... How do i get it Activate..?
    Regds
    Abhishek

  • Function module like ENQUEUE and DEQUEUE for function location.

    Hi All,
    I should be highly appreciate if any one help me for locking function module like ENQUEUE and DEQUEUE
    for function location.
    Thanks
    Shaw

    Hi,
    You can either use the standard way of locking by using :
    data:lv_varkey          TYPE rstable-varkey.
    concatenate functional_location sy-mandt into lv_varkey .
    *   Lock table
        CALL FUNCTION 'ENQUEUE_E_TABLEE'
          EXPORTING
            mode_rstable   = 'E'
            tabname        = 'IFLOS'
            varkey         = lv_varkey
          EXCEPTIONS
            foreign_lock   = 1
            system_failure = 2
            OTHERS         = 3.
    *     Unlock table
          CALL FUNCTION 'DEQUEUE_E_TABLEE'
            EXPORTING
              mode_rstable = 'E'
              tabname      = 'IFLOS'
              varkey       = lv_varkey.
    Or,
    As mentioned above create a lock object via transaction SE11.
    Go to transaction se11:
    --> Enter lock object name e.g EZ_IFLOS
    --> Click on create
    --> Enter description
    --> Click on tables tab
    --> Enter 'IFLOS' as table name
    --> select lock mode
    --. click on save and activate.
    2 function modules will be created as DEQUEUE_EZ_IFLOS and ENQUEUE_EZ_IFLOS .
    Regards.

  • CSS - 11506 - Adding New SSL Services on Single SSL Modules

    Hi,
    We are having one pair of CCS 11506 currently SSL services are running on slot4 with single SSL module.Now we are planning to add one more SSL application with different certificates & keys on different VIP.
    Can we use the same slot4 for new application & using different certicates & keys on same SSL modules.Your reponse is appriecated

    Hi Sean,
    Thanks for replying back just want few clarifcations in configuration part.
    1. If new vlan is given for new application then how to point routes to the new vlan as default routes to exisitng vlan is already present.
    2. I've prepare sample config template with details steps & let us know will it work & if changes is required kindly let us know.
    1.# ftp-record ssl_record 192.168.19.21 johndoe "abc123"
    /home/johndoe
    2.# copy ssl sftp ssl_record import rsacert.pem PEM "passwd123"
    Connecting
    Completed successfully
    3.# copy ssl sftp ssl_record import rsakey.pem PEM "passwd123"
    Connecting
    Completed successfully
    4.Enter configuration mode.
    # config
    (config) #
    4. To use RSA public key exchange and authentication:
    a. Associate the imported RSA certificate with a file.
    (config) # ssl associate cert myrsacert1 rsacert.pem
    b. Associate the imported RSA key pair with a file.
    (config) # ssl associate rsakey myrsakey1 rsakey.pem
    5. Compare the public key in the associated certificate with the public key
    stored with the associated private key and verify that they are identical.
    (config) # ssl verify myrsacert1 myrsakey1
    Certificate mycert1 matches key mykey1
    ssl associate rsakey NEWKEY newkey.pem
    ssl associate cert NEWCERT newcert.pem
    !************************* INTERFACE *************************
    interface 3/3
    description "****WEB SIDE****"
    bridge vlan _ID_X.X.X.X
    bridge port-fast enable
    interface 3/4
    bridge vlan_ID_Y.Y.Y.Y
    bridge port-fast enable
    description "****PIX SIDE****"
    !************************** CIRCUIT **************************
    circuit VLAN_ID_X
    ip address A.A.A.A B.B.B.0
    ip virtual-router 2 priority 101 preempt
    ip redundant-interface 3 C.C.C.C
    ip critical-service 3 chk-con-pix_Y.Y.Y.Y
    ip critical-service 3 chk-con-web_X.X.X.X
    circuit VLAN_ID_Y
    ip address D.D.D.D E.E.E.0
    ip virtual-router 4 priority 101 preempt
    ip redundant-vip 4 F.F.F.F
    ip critical-service 4 chk-con-pix_Y.Y.Y.Y
    ip critical-service 4 chk-con-web_X.X.X.X
    !*********************** SSL PROXY LIST ***********************
    ssl-proxy-list NEW
    ssl-server 20
    ssl-server 20 vip address F.F.F.F
    ssl-server 20 cipher rsa-with-rc4-128-sha F.F.F.F 81
    ssl-server 20 cipher rsa-with-rc4-128-md5 F.F.F.F 81
    ssl-server 20 rsacert NEWCERT
    ssl-server 20 rsakey NEWKEY
    active
    !************************** SERVICE **************************
    service FRONT_SSL
    type ssl-accel
    slot 4
    keepalive type none
    add ssl-proxy-list NEW
    active
    service WEBSERVER-03
    ip address G.G.G.G
    redundant-index 3
    protocol tcp
    port 80
    active
    service WEBSERVER-04
    ip address H.H.H.H
    redundant-index 4
    protocol tcp
    port 80
    active
    service chk-con-pix_Y.Y.Y.Y
    keepalive type script ap-kal-pinglist "N.N.N.N"
    ip address J.J.J.J
    keepalive frequency 2
    keepalive maxfailure 2
    keepalive retryperiod 2
    active
    service chk-con-web_X
    ip address K.K.K.K
    keepalive type script ap-kal-pinglist "P.P.P.P"
    keepalive frequency 2
    keepalive maxfailure 2
    keepalive retryperiod 2
    active
    !*************************** OWNER ***************************
    owner NEW
    content BACKNEW_HTTP
    vip address F.F.F.F
    add service WEBSERVER-03
    add service WEBSERVER-04
    protocol tcp
    port 81
    url "/*"
    redundant-index 5
    no persistent
    active
    content FRONTENDNEW_SSL
    vip address F.F.F.F
    protocol tcp
    port 443
    application ssl
    add service FRONT_SSL
    active
    content NEW
    url "//www.ABC.com/*"
    vip address F.F.F.F
    protocol tcp
    port 80
    redundant-index 4
    redirect "https://ABC.com"
    active
    your reply on this would be highly appericated.

  • Custome BAPI - declare ITAB and define the Function Module and Subroutine

    Hello Experts
    I want to create a Custom BAPI and it has the following scenario:
    1) a Function Module which collects some records into it internal table, say ITAB
    2) a Subroutine which moved the records from ITAB to BAPI table
    Now, I want to declare ITAB and define the Function Module and Subroutine.
    Where and How can I do this?
    Plz suggest.
    Regards
    BD

    Hi,
      1) Got to SE37 and create an RFC .
      2) Declare the ITAB directly in the TABLES tab of the FM.
      3) Inside the FM source Code tab, collect all the data using SELECT query and directly or by using logic, put the data into the
          ITAB.
      4) Since the data collected is directly put into the itab you dont need a subroutine to be written.
      5) If subroutine is a necessity, then just write PERFORM SUB ROUTINE NAME.
           AND DEFINE THE FORM ENDFORM OF THE SUBROUTINE AFTER THE ENDFUNCTION OF THE FM
       Let me know if any issues....
    Regards,
    Vimal.

Maybe you are looking for

  • I upgraded to Windows 8.1 before upgrading to Bootcamp 5.1. Now I can't install BootCamp 5.1 on Windows 8.1, or update the drivers. What do I do?

    Back in the day, I used Boot Camp assistant to install Windows 7 on my MacBook Pro (15"). Since then, I've upgraded to Windows 8, and more recently Windows 8.1. Howeve, I never once updated Boot Camp. After upgrading to Windows 8.1, I've been unable

  • Saving and opening files in textedit not working

    It was all good yesterday....today, I cannot open any previous files and documents in textedit, nor can I save any new ones. Whats going on??? It says i dont have permissions and to open in finder and click get info...nothing is working??

  • Printer compatible with Snow Leopard?

    I think my 5 year old Canon iP4000R workhorse printer may have died... I may try to get it repaired; but wondering if there are any of you out there who can recommend another printer? IT MUST HAVE WIRED INTERNET CONNECTION. I like the 2 side printing

  • JMS Server without J2EE server?

    Hi, We're working on a relatively small application where a small amount of messaging would be beneficial. What I ideally need is a free reference implementation of the JMS spec which does not require a full J2EE server with ORB, etc all being starte

  • Mobile Compatibility

    I don't even have access to the necessary hardware and software to try this out but I'd hazard a guess that using Webtools in  Internet Explorer on  Windows Mobile is currently either a non-starter or at very best so difficult to be unuseable. I have