Forum Discussion

Ganesh_31405's avatar
Ganesh_31405
Icon for Nimbostratus rankNimbostratus
Nov 17, 2010

SSL on server

Hi, I've minuscule knowledge about the LB configuration over SSL. This is my setup. I've an application server running in HTTPS (443 port) behind LB. In the LB, I've an VIP (10.223.x.x) created w...
config
design
Jason_Keating's avatar
Jason_Keating
Icon for Altostratus rankAltostratus
Nov 17, 2010
With regard to your VIP 443 service, try no SSL profiles (client or server) and just a standard virtual server with a TCP profile (the defaults), this will give you HTTPS on both server and client side. Keep in mind at no point is this traffic decrypted at the LTM so you can not do anything with the payload, and you may want to use persistence depending on your app server - but that will not be necessary to get started with a response from the server.

 

 

With regard to the VIP 80 service, you will need a serverssl profile to allow HTTP on the client side and HTTPS on the server side. If your app server SSL configuration requires X509 client auth, or if you are using certs signed by a CA not trusted by the LTM then you need to configure the serverssl profile appropriately, if not then again the default config should be fine.