How to configure CSS 11501 with SSL and Tomcat Servers?

Hello,

I have a CSS 11501 on which I managed to configure a fake SSL on the device itself.

Behind the CSS, I have 2 Tomcat servers listening on port 8754.

These 2 Tomcat servers do not have any "Web Servers" like Apache or IIS which would normally listen on port 80.

With my config below, when I hit the Virtual IP of the CSS, httpS://10.136.2.46/, I get a prompt for an SSL Certificate warning, but since I know it's a fake SSL, I say OK (I use IE 7) and proceed to the site. Then I see a login page (httpS://....../welcome.do) and as soon as I log in with my credentials, I get redirected to URL http://10.136.2.46/ instead of keeping httpS://.....

My intent is to have an httpS:// session maintained throughout, with the CSS accepting the incoming encrypted message, doing the authentication, decrypting the message to HTTP and forwarding the client request to Tomcat on port 8754.

Once the results are back from Tomcat, CSS should re-encrypt it and send the results back to the same client via HTTPS.

Can someone please help me to achieve this? My current config is as follows:

Thanks a million :)

Sam

----------------------------------------------------------------------------------------------------------------------
CSS11501# show running-config
!Generated on 08/23/2007 16:45:45
!Active version: sg0730005

configure

!*************************** GLOBAL ***************************
  ssl associate rsakey keyname keyfile
  ssl associate cert certfile certfile

  ip route 0.0.0.0 0.0.0.0 10.136.2.254 1

!************************** CIRCUIT **************************
circuit VLAN1

  ip address 10.136.2.47 255.255.255.0
    no redirects

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl_virtual_server
  ssl-server 20
  ssl-server 20 vip address 10.136.2.46
  ssl-server 20 rsacert certfile
  ssl-server 20 rsakey keyname
  ssl-server 20 cipher rsa-export-with-rc4-40-md5 10.136.2.46 80 weight 5
  ssl-server 20 urlrewrite 22 10.136.2.46 sslport 443 clearport 8754
  active

!************************** SERVICE **************************
service http_web1_svc
  ip address 10.136.2.20
  protocol tcp
  port 8754
  keepalive type http
  active

service http_web2_svc
  ip address 10.136.2.48
  protocol tcp
  port 8754
  keepalive type http
  active

service https_sslvirtualweb_svc
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list ssl_virtual_server
  active

!*************************** OWNER ***************************
owner NON-SSL

  content http_rule
    sticky-inact-timeout 150
    vip address 10.136.2.46
    advanced-balance sticky-srcip
    balance leastconn
    protocol tcp
    port 80
    add service http_web1_svc
    add service http_web2_svc
    active

owner SSL

  content https_rule
    protocol tcp
    vip address 10.136.2.46
    port 443
    add service https_sslvirtualweb_svc
    sticky-serverdown-failover sticky-srcip
    application ssl
    advanced-balance ssl
    active

!*************************** GROUP ***************************
group virtual_web_server_pool
  add destination service http_web1_svc
  add destination service http_web2_svc
  vip address 10.136.2.46
  active

CSS11501#
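
Added example (not part of the original post, and not Cisco code): a small Python model of the symptom described above, where an SSL-terminating device passes clear HTTP to the back end and a redirect after login sends the browser to http://. It assumes a rewrite rule matches a Location header on scheme, host and clear-text port; that matching model, the function names and the request path are assumptions for illustration, while the VIP, ports and the observed redirect URL come from the post.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _port(parts):
    """Explicit port of a URL, or the scheme default when none is given."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def is_downgrade(request_url, location):
    """True when an HTTPS request is answered with a redirect to clear HTTP."""
    return (urlsplit(request_url).scheme == "https"
            and urlsplit(location).scheme == "http")


def rewrite_location(location, host, clearport, sslport):
    """Rewrite http://host:clearport/... to https://host[:sslport]/...

    Relative redirects and URLs that do not match the rule pass unchanged
    (assumed matching model: scheme + host + clear-text port).
    """
    loc = urlsplit(location)
    if loc.scheme != "http" or loc.hostname != host or _port(loc) != clearport:
        return location
    netloc = host if sslport == 443 else f"{host}:{sslport}"
    return urlunsplit(("https", netloc, loc.path, loc.query, loc.fragment))


def audit(request_url, location, rule):
    """Apply the rule, then report whether the client is still downgraded."""
    final = rewrite_location(location, **rule)
    return {"location": final, "downgrade": is_downgrade(request_url, final)}


# Constructed request path; VIP and redirect target are taken from the post.
REQUEST = "https://10.136.2.46/login"
OBSERVED = "http://10.136.2.46/"

# Values as they appear in the posted urlrewrite line.
POSTED_RULE = {"host": "10.136.2.46", "clearport": 8754, "sslport": 443}
# Hypothetical variant that matches redirects to the default HTTP port.
PORT80_RULE = {"host": "10.136.2.46", "clearport": 80, "sslport": 443}

if __name__ == "__main__":
    for name, rule in (("posted", POSTED_RULE), ("port 80", PORT80_RULE)):
        print(name, audit(REQUEST, OBSERVED, rule))
```

Under this model the redirect seen in the post carries no port, so it is compared as port 80 and only a rule whose clear-text port is 80 rewrites it; any session cookie set during the HTTPS login would otherwise travel in clear text on the follow-up request.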


bgshankar73 wrote in response:

Sam,

Did you get the solution for this? I have a similar problem.

Please share the configuration.

Thanks, gowrishankar
