Hello,
I have a CSS 11501 on which I managed to configure a fake SSL on the device itself.
Behind the CSS, I have 2 Tomcat servers listening on port 8754.
These 2 Tomcat servers do not have any "Web Servers" like Apache or IIS which would normally listen on port 80.
With my config below, when I hit the Virtual IP of the CSS, httpS://10.136.2.46/, I get a prompt for an SSL Certificate warning, but since I know it's a fake SSL, I say OK (I use IE 7) and proceed to the site. Then I see a login page (httpS://....../welcome.do) and as soon as I log in with my credentials, I get redirected to URL http://10.136.2.46/ instead of keeping httpS://.....
My intent is to have an httpS:// session maintained throughout, with the CSS accepting the incoming encrypted message, doing the authentication, decrypting the message to HTTP and forwarding the client request to Tomcat on port 8754.
Once the results are back from Tomcat, CSS should re-encrypt it and send the results back to the same client via HTTPS.
Can someone please help me to achieve this? My current config is as follows:
Thanks a million :)
Sam
----------------------------------------------------------------------------------------------------------------------
CSS11501# show running-config
!Generated on 08/23/2007 16:45:45
!Active version: sg0730005

configure

!*************************** GLOBAL ***************************
  ssl associate rsakey keyname keyfile
  ssl associate cert certfile certfile

  ip route 0.0.0.0 0.0.0.0 10.136.2.254 1

!************************** CIRCUIT **************************
circuit VLAN1

  ip address 10.136.2.47 255.255.255.0
  no redirects

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl_virtual_server
  ssl-server 20
  ssl-server 20 vip address 10.136.2.46
  ssl-server 20 rsacert certfile
  ssl-server 20 rsakey keyname
  ssl-server 20 cipher rsa-export-with-rc4-40-md5 10.136.2.46 80 weight 5
  ssl-server 20 urlrewrite 22 10.136.2.46 sslport 443 clearport 8754
  active

!************************** SERVICE **************************
service http_web1_svc
  ip address 10.136.2.20
  protocol tcp
  port 8754
  keepalive type http
  active

service http_web2_svc
  ip address 10.136.2.48
  protocol tcp
  port 8754
  keepalive type http
  active

service https_sslvirtualweb_svc
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list ssl_virtual_server
  active

!*************************** OWNER ***************************
owner NON-SSL

  content http_rule
    sticky-inact-timeout 150
    vip address 10.136.2.46
    advanced-balance sticky-srcip
    balance leastconn
    protocol tcp
    port 80
    add service http_web1_svc
    add service http_web2_svc
    active

owner SSL

  content https_rule
    protocol tcp
    vip address 10.136.2.46
    port 443
    add service https_sslvirtualweb_svc
    sticky-serverdown-failover sticky-srcip
    application ssl
    advanced-balance ssl
    active

!*************************** GROUP ***************************
group virtual_web_server_pool
  add destination service http_web1_svc
  add destination service http_web2_svc
  vip address 10.136.2.46
  active

CSS11501#
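
Added example, not part of the original post: a small check that walks a recorded redirect chain and flags every hop where an HTTPS request is answered with a redirect to cleartext HTTP, which is the symptom described above. The sample chain is constructed, the `/login.do` path is a hypothetical stand-in for the login form's target, and `find_downgrades` is an illustrative name.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample: (request URL, status code, Location header) per hop,
# modelled on the flow in the post. "/login.do" is a hypothetical path.
SAMPLE_CHAIN = [
    ("https://10.136.2.46/", 302, "/welcome.do"),                 # relative: stays HTTPS
    ("https://10.136.2.46/welcome.do", 200, None),                # login page, no redirect
    ("https://10.136.2.46/login.do", 302, "http://10.136.2.46/"), # absolute: downgrade
]


def find_downgrades(chain):
    """Return one finding per redirect that moves an HTTPS client to HTTP."""
    findings = []
    for request_url, status, location in chain:
        if status not in REDIRECT_CODES or not location:
            continue
        # Resolve relative and protocol-relative Location values the way a
        # browser does, so "/path" and "//host/path" inherit the HTTPS scheme.
        target = urljoin(request_url, location)
        src, dst = urlsplit(request_url), urlsplit(target)
        if src.scheme == "https" and dst.scheme == "http":
            findings.append({
                "request": request_url,
                "target": target,
                # Same host means the back end (or the device in front of it)
                # built an absolute http:// URL for the site's own address.
                "same_host": src.hostname == dst.hostname,
                "target_port": dst.port or 80,
            })
    return findings


if __name__ == "__main__":
    for f in find_downgrades(SAMPLE_CHAIN):
        print("HTTPS -> HTTP redirect:", f["request"], "->", f["target"],
              "(same host)" if f["same_host"] else "(other host)")
```
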