Product Documentation
ADC
14.1 - Current Release 13.1 13.0 12.1
View PDF

Configure SSL offloading with end-to-end encryption

September 21, 2020
Contributed by:
S S

A simple SSL offloading setup terminates SSL traffic (HTTPS), decrypts the SSL records, and forwards the clear text (HTTP) traffic to the back-end web servers. Clear text traffic is vulnerable to being spoofed, read, stolen, or compromised by individuals who succeed in gaining access to the back-end network devices or web servers.

You can, therefore, configure SSL offloading with end-to-end security by re-encrypting the clear text data and using secure SSL sessions to communicate with the back-end Web servers.

Configure the back-end SSL transactions so that the appliance uses SSL session multiplexing to reuse existing SSL sessions with the back-end web servers. It helps in avoiding CPU-intensive key exchange (full handshake) operations and reduces the overall number of SSL sessions on the server. As a result, it accelerates the SSL transaction while maintaining end-to-end security.

To configure an end-to-end encryption deployment, perform the following steps:

  • Create SSL services
  • Create an SSL virtual server
  • Add a certificate-key pair
  • Bind the certificate-key pair to the SSL virtual server
  • Bind the services to the SSL virtual server

For information about adding services, virtual servers, certificate-key pairs, seeSSL offloading configuration.

Sample values used in the configuration are listed in the table

实体 Name IP Address Port
SSL service service-ssl-1 198.51.100.5 443
SSL service service-ssl-2 198.51.100.10 443
SSL virtual server vserver-ssl 203.0.113.5 443
SSL certificate-key pair certkey-1 NA NA

Example:

add service service-ssl-1 198.51.100.5 SSL 443 add service service-ssl-2 198.51.100.10 SSL 443 add lb vserver vserver-ssl SSL 203.0.113.5 443 add ssl certKey certkey-1 -cert server_rsa_1024.pem -key server_rsa_1024.ky bind ssl vserver vserver-ssl -certkeyName certkey-1 bind lb vserver vserver-ssl service-ssl-1 bind lb vserver vserver-ssl service-ssl-2

Configure SSL offloading with end-to-end encryption using the GUI

  1. Navigate toTraffic Management > Load Balancing > Services > Add.
  2. Add two services:service-ssl-1andservice-ssl-2.
  3. Navigate toTraffic Management > SSL > Certificates > Install.
  4. Add a certificate-key pair:certkey-1.
  5. Navigate toTraffic Management > Load Balancing > Virtual Servers > Add.
  6. Add a virtual server:vserver-ssl.
  7. ClickOK.
  8. Click insideLoad balancing Virtual Server Service Binding.
  9. InSelect Service, click the arrow.
  10. In theServicedialog box, selectservice-ssl-1andservice-ssl-2.
  11. ClickSelect.
  12. ClickBind.
  13. ClickContinue.
  14. In theCertificatesection, clickServer Certificate.
  15. InSelect Server Certificate, click the arrow.
  16. In theServer Certificatesdialog box, clickcertkey-1.
  17. ClickSelect.
  18. ClickBind.
  19. ClickContinue.
  20. ClickDone.

SSL offloading with end to end encryption

Configure SSL offloading with end-to-end encryption
September 21, 2020
Contributed by:
S S
September 21, 2020
Contributed by:
S S

In this article

站点提要back | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999-Cloud Software Group, Inc. All rights reserved.