This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configure SSL offloading with end-to-end encryption
A simple SSL offloading setup terminates SSL traffic (HTTPS), decrypts the SSL records, and forwards the clear text (HTTP) traffic to the back-end web servers. Clear text traffic is vulnerable to being spoofed, read, stolen, or compromised by individuals who succeed in gaining access to the back-end network devices or web servers.
You can, therefore, configure SSL offloading with end-to-end security by re-encrypting the clear text data and using secure SSL sessions to communicate with the back-end Web servers.
Configure the back-end SSL transactions so that the appliance uses SSL session multiplexing to reuse existing SSL sessions with the back-end web servers. It helps in avoiding CPU-intensive key exchange (full handshake) operations and reduces the overall number of SSL sessions on the server. As a result, it accelerates the SSL transaction while maintaining end-to-end security.
To configure an end-to-end encryption deployment, perform the following steps:
- Create SSL services
- Create an SSL virtual server
- Add a certificate-key pair
- Bind the certificate-key pair to the SSL virtual server
- Bind the services to the SSL virtual server
For information about adding services, virtual servers, certificate-key pairs, see SSL offloading configuration.
Sample values used in the configuration are listed in the table
| Entity | Name | IP Address | Port |
|---|---|---|---|
| SSL service | service-ssl-1 | 198.51.100.5 | 443 |
| SSL service | service-ssl-2 | 198.51.100.10 | 443 |
| SSL virtual server | vserver-ssl |
203.0.113.5 | 443 |
| SSL certificate-key pair | certkey-1 | NA | NA |
Example:
add service service-ssl-1 198.51.100.5 SSL 443
add service service-ssl-2 198.51.100.10 SSL 443
add lb vserver vserver-ssl SSL 203.0.113.5 443
add ssl certKey certkey-1 -cert server_rsa_1024.pem -key server_rsa_1024.ky
bind ssl vserver vserver-ssl -certkeyName certkey-1
bind lb vserver vserver-ssl service-ssl-1
bind lb vserver vserver-ssl service-ssl-2
<!--NeedCopy-->
Configure SSL offloading with end-to-end encryption using the GUI
- Navigate to Traffic Management > Load Balancing > Services > Add.
- Add two services:
service-ssl-1andservice-ssl-2. - Navigate to Traffic Management > SSL > Certificates > Install.
- Add a certificate-key pair:
certkey-1. - Navigate to Traffic Management > Load Balancing > Virtual Servers > Add.
- Add a virtual server:
vserver-ssl. - Click OK.
- Click inside Load balancing Virtual Server Service Binding.
- In Select Service, click the arrow.
- In the Service dialog box, select
service-ssl-1andservice-ssl-2. - Click Select.
- Click Bind.
- Click Continue.
- In the Certificate section, click Server Certificate.
- In Select Server Certificate, click the arrow.
- In the Server Certificates dialog box, click
certkey-1. - Click Select.
- Click Bind.
- Click Continue.
- Click Done.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.