Forum Discussion
client ssl off_load
Hi guys,
1. The client SSL offload VIP is on port 443 and the pool members are also on service port 443.
2. The pool members cannot change port (also 443).
They want to do SSL offload on the VIP. Will it work?
- lizunjjg
Cirrus
help me
- nathe
Cirrocumulus
If the backend servers are expecting an SSL connection, then you can offload on the bigip with a clientssl profile (with the right cert/key for the domain) and then re-encrypt to the backend pool members by adding a serverssl profile (the default one here will do).
Hope this helps,
N
- Chaithy
Nimbostratus
Yes, but you also need the server profile to be called in the VS along with the client profile.
- lizunjjg
Cirrus
thank you
- KevinA_246454
Cirrostratus
Hi Lizunjjg,
If I understand you correctly, you want to do SSL offloading, but you're not sure if it will work if your pool members are also listening on port 443?
If the above is your scenario, I would say yes. Then only associate the client SSL profile with an HTTP profile (the default one will work) and a TCP profile, which should be there by default. If you want to send SSL to the pool members as well, you will have to add a server SSL profile (that will be SSL terminating, not offloading). Note also that you will have to ensure your webserver is configured to accept HTTP on port 443.
- lizunjjg_280139
Nimbostratus
Haha, KevinA, you understand it correctly, thanks very much. My user's needs are strange.
- KevinA_246454
Cirrostratus
No problem, Lizunjjg. Like mentioned, it should just work when you don't have the SSL server profile configured, that is, if your webserver is configured for HTTP.
- lizunjjg_280139
Nimbostratus
Haha, thanks KevinA
- lizunjjg
Cirrus
Thanks for your help, haha
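The two virtual server variants discussed in this thread, written as tmsh commands. This is an added example, not part of any post above; the object names, IP addresses and certificate/key file names are placeholders, and the certificate and key are assumed to be already imported on the BIG-IP.

```tmsh
# Pool members stay on service port 443 in both variants (placeholder addresses).
create ltm pool pool_app_443 members add { 192.0.2.11:443 192.0.2.12:443 }

# Client SSL profile carrying the certificate and key for the site's domain
# (placeholder file names).
create ltm profile client-ssl clientssl_app defaults-from clientssl cert-key-chain add { app { cert app.example.com.crt key app.example.com.key } }

# Create only ONE of the two virtual servers below; they share the same destination.

# Variant A: client SSL profile only. The BIG-IP decrypts client traffic and
# sends cleartext HTTP to the members on port 443, so the web servers must be
# configured to accept plain HTTP on 443.
create ltm virtual vs_app_offload destination 203.0.113.10:443 ip-protocol tcp pool pool_app_443 profiles add { tcp http clientssl_app { context clientside } }

# Variant B: client SSL plus server SSL. The BIG-IP decrypts client traffic,
# then re-encrypts to the members, which keep expecting an SSL connection on 443.
# The default serverssl profile is used here.
create ltm virtual vs_app_reencrypt destination 203.0.113.10:443 ip-protocol tcp pool pool_app_443 profiles add { tcp http clientssl_app { context clientside } serverssl { context serverside } }

# Check which profiles ended up attached and on which side.
list ltm virtual vs_app_reencrypt profiles
```

With Variant A, traffic between the BIG-IP and the pool members is unencrypted even though it uses port 443, so that network segment has to be trusted.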