-
Getting Started with NetScaler
-
Secure load balanced traffic by using SSL
-
Deploy a NetScaler VPX instance
-
Optimize NetScaler VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply NetScaler VPX configurations at the first boot of the NetScaler appliance in cloud
-
Configure simultaneous multithreading for NetScaler VPX on public clouds
-
Install a NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for installing NetScaler VPX virtual appliances on Linux-KVM platform
-
Provisioning the NetScaler virtual appliance by using OpenStack
-
Provisioning the NetScaler virtual appliance by using the Virtual Machine Manager
-
Configuring NetScaler virtual appliances to use SR-IOV network interface
-
Configuring NetScaler virtual appliances to use PCI Passthrough network interface
-
Provisioning the NetScaler virtual appliance by using the virsh Program
-
Provisioning the NetScaler virtual appliance with SR-IOV on OpenStack
-
Configuring a NetScaler VPX instance on KVM to use OVS DPDK-Based host interfaces
-
-
Deploy a NetScaler VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Protect AWS API Gateway using the NetScaler Web Application Firewall
-
Configure a NetScaler VPX instance to use SR-IOV network interface
-
Configure a NetScaler VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a NetScaler VPX instance on Microsoft Azure
-
Network architecture for NetScaler VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a NetScaler VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Deploy a NetScaler high-availability pair on Azure with ALB in the floating IP-disabled mode
-
Configure a NetScaler VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the NetScaler high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure a NetScaler VPX standalone instance on Azure VMware solution
-
Configure a NetScaler VPX high availability setup on Azure VMware solution
-
Configure address pools (IIP) for a NetScaler Gateway appliance
-
Deploy a NetScaler VPX instance on Google Cloud Platform
-
Deploy a VPX high-availability pair on Google Cloud Platform
-
Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform
-
Deploy a single NIC VPX high-availability pair with private IP address on Google Cloud Platform
-
Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform
-
Install a NetScaler VPX instance on Google Cloud VMware Engine
-
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
Web Application Firewall protection for VPN virtual servers and authentication virtual servers
-
On-premises NetScaler Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the NetScaler appliance
-
-
-
-
Authentication and authorization for System Users
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Secure load balanced traffic by using SSL
The NetScaler SSL offload feature transparently improves the performance of websites that conduct SSL transactions. By offloading CPU-intensive SSL encryption and decryption tasks from the local web server to the appliance, SSL offloading ensures secure delivery of web applications without the performance penalty incurred when the server processes the SSL data. Once the SSL traffic is decrypted, it can be processed by all standard services. The SSL protocol works seamlessly with various types of HTTP and TCP data and provides a secure channel for transactions using such data.
To configure SSL, you must first enable it. Then, you configure HTTP or TCP services and an SSL virtual server on the appliance, and bind the services to the virtual server. You must also add a certificate-key pair and bind it to the SSL virtual server. If you use Outlook Web Access servers, you must create an action to enable SSL support and a policy to apply the action. An SSL virtual server intercepts incoming encrypted traffic and decrypts it by using a negotiated algorithm. The SSL virtual server then forwards the decrypted data to the other entities on the appliance for appropriate processing.
For detailed information about SSL offloading, see SSL offload and acceleration.
SSL configuration task sequence
To configure SSL, you must first enable it. Then, you must create an SSL virtual server and HTTP or TCP services on the NetScaler appliance. Finally, you must bind a valid SSL certificate and the configured services to the SSL virtual server.
An SSL virtual server intercepts incoming encrypted traffic and decrypts it using a negotiated algorithm. The SSL virtual server then forwards the decrypted data to the other entities on the NetScaler appliance for appropriate processing.
The following flow chart shows the sequence of tasks for configuring a basic SSL offload setup.
Figure 1. Sequence of Tasks to Configure SSL Offloading
Enable SSL offload
First enable the SSL feature. You can configure SSL-based entities on the appliance without enabling the SSL feature, but they will not work until you enable SSL.
Enable SSL by using the CLI
At the command prompt, type the following commands to enable SSL Offload and verify the configuration:
- enable ns feature SSL
- show ns feature
<!--NeedCopy-->
Example:
> enable ns feature ssl
Done
> show ns feature
Feature Acronym Status
------- ------- ------
1) Web Logging WL ON
2) SurgeProtection SP OFF
3) Load Balancing LB ON . . .
9) SSL Offloading SSL ON
10) Global Server Load Balancing GSLB ON . .
Done >
<!--NeedCopy-->
Enable SSL by using the GUI
Follow these steps:
- In the navigation pane, expand System, and then click Settings.
- In the details pane, under Modes and Features, click Change basic features.
- Select the SSL Offloading check box, and then click OK.
- In the Enable/Disable Feature(s)? message box, click Yes.
Create HTTP services
A service on the appliance represents an application on a server. Once configured, services are in the disabled state until the appliance can reach the server on the network and monitor its status. This topic covers the steps to create an HTTP service.
Note: For TCP traffic, perform the following procedures, but create TCP services instead of HTTP services.
Add an HTTP service by using the CLI
At the command prompt, type the following commands to add an HTTP service and verify the configuration:
- add service <name> (<IP> | <serverName>) <serviceType> <port>
- show service <name>
<!--NeedCopy-->
Example:
> add service SVC_HTTP1 10.102.29.18 HTTP 80
Done
> show service SVC_HTTP1
SVC_HTTP1 (10.102.29.18:80) - HTTP
State: UP
Last state change was at Wed Jul 15 06:13:05 2009
Time since last state change: 0 days, 00:00:15.350
Server Name: 10.102.29.18
Server ID : 0 Monitor Threshold : 0
Max Conn: 0 Max Req: 0 Max Bandwidth: 0 kbits
Use Source IP: NO
Client Keepalive(CKA): NO
Access Down Service: NO
TCP Buffering(TCPB): NO
HTTP Compression(CMP): YES
Idle timeout: Client: 180 sec Server: 360 sec
Client IP: DISABLED
Cacheable: NO
SC: OFF
SP: OFF
Down state flush: ENABLED
1) Monitor Name: tcp-default
State: UP Weight: 1
Probes: 4 Failed [Total: 0 Current: 0]
Last response: Success - TCP syn+ack received.
Response Time: N/A
Done
<!--NeedCopy-->
Add an HTTP service by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL Offload > Services.
- In the details pane, click Add.
- In the Create Service dialog box, type the name of the service, IP address, and port (for example, SVC_HTTP1, 10.102.29.18, and 80).
- In the Protocol list, select the type of the service (for example, HTTP).
- Click Create, and then click Close. The HTTP service you configured appears in the Services page.
- Verify that the parameters you configured are correctly configured by selecting the service and viewing the Details section at the bottom of the pane.
Add an SSL based virtual server
In a basic SSL offloading setup, the SSL virtual server intercepts encrypted traffic, decrypts it, and sends the clear text messages to the services that are bound to the virtual server. Offloading CPU-intensive SSL processing to the appliance allows the back-end servers to process a greater number of requests.
Add an SSL-based virtual server by using the CLI
At the command prompt, type the following commands to create an SSL-based virtual server and verify the configuration:
- add lb vserver <name> <serviceType> [<IPAddress> <port>]
- show lb vserver <name>
<!--NeedCopy-->
Caution: To ensure secure connections, you must bind a valid SSL certificate to the SSL-based virtual server before you enable it.
Example:
> add lb vserver vserver-SSL-1 SSL 10.102.29.50 443
Done
> show lb vserver vserver-SSL-1
vserver-SSL-1 (10.102.29.50:443) - SSL Type: ADDRESS
State: DOWN[Certkey not bound] Last state change was at Tue Jun 16 06:33:08 2009 (+176 ms)
Time since last state change: 0 days, 00:03:44.120
Effective State: DOWN Client Idle Timeout: 180 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
No. of Bound Services : 0 (Total) 0 (Active)
Configured Method: LEASTCONNECTION Mode: IP
Persistence: NONE
Vserver IP and Port insertion: OFF
Push: DISABLED Push VServer: Push Multi Clients: NO Push Label Rule: Done
<!--NeedCopy-->
Add an SSL-based virtual server by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL Offload > Virtual Servers.
- In the details pane, click Add.
- In the Create Virtual Server (SSL Offload) dialog box, type the name of the virtual server, IP address, and port.
- In the Protocol list, select the type of the virtual server, for example, SSL.
- Click Create, and then click Close.
- Verify that the parameters you configured are correctly configured by selecting the virtual server and viewing the Details section at the bottom of the pane. The virtual server is marked as DOWN because a certificate-key pair and services have not been bound to it.
Caution: To ensure secure connections, you must bind a valid SSL certificate to the SSL-based virtual server before you enable it.
Bind services to the SSL virtual server
After decrypting the incoming data, the SSL virtual server forwards the data to the services that you have bound to the virtual server.
Data transfer between the appliance and the servers can be encrypted or in clear text. If the data transfer between the appliance and the servers is encrypted, the entire transaction is secure from end to end. For more information about configuring the system for end-to-end security, see SSL offload and acceleration.
Bind a service to a virtual server by using the CLI
At the command prompt, type the following commands to bind a service to the SSL virtual server and verify the configuration:
- bind lb vserver <name> <serviceName>
- show lb vserver <name>
<!--NeedCopy-->
Example:
> bind lb vserver vserver-SSL-1 SVC_HTTP1
Done
> show lb vserver vserver-SSL-1 vserver-SSL-1 (10.102.29.50:443) - SSL Type:
ADDRESS State: DOWN[Certkey not bound]
Last state change was at Tue Jun 16 06:33:08 2009 (+174 ms)
Time since last state change: 0 days, 00:31:53.70
Effective State: DOWN Client Idle
Timeout: 180 sec
Down state flush: ENABLED Disable Primary Vserver On Down :
DISABLED No. of Bound Services : 1 (Total) 0 (Active)
Configured Method: LEASTCONNECTION Mode: IP Persistence: NONE Vserver IP and
Port insertion: OFF Push: DISABLED Push VServer: Push Multi Clients: NO Push Label Rule:
1) SVC_HTTP1 (10.102.29.18: 80) - HTTP
State: DOWN Weight: 1
Done
<!--NeedCopy-->
Bind a service to a virtual server by using the GUI
- Navigate to Traffic Management > SSL Offload > Virtual Servers.
- In the details pane, select a virtual server, and then click Open.
- On the Services tab, in the Active column, select the check boxes next to the services that you want to bind to the selected virtual server.
- Click OK.
- Verify that the Number of Bound Services counter in the Details section at the bottom of the pane is incremented by the number of services that you bound to the virtual server.
Add a certificate-key pair
An SSL certificate is an integral element of the SSL Key-Exchange and encryption/decryption process. The certificate is used during an SSL handshake to establish the identity of the SSL server. You can use a valid, existing SSL certificate that you have on the NetScaler appliance, or you can create your own SSL certificate. The appliance supports RSA certificates of up to 4096 bits.
ECDSA certificates with only the following curves are supported:
- prime256v1 (P_256 on the ADC)
- secp384r1 (P_384 on the ADC)
- secp521r1 (P_521 on the ADC; supported on VPX only)
- secp224r1 (P_224 on the ADC; supported on VPX only)
Note: Citrix recommends that you use a valid SSL certificate that has been issued by a trusted certificate authority. Invalid certificates and self-created certificates are not compatible with all SSL clients.
Before a certificate can be used for SSL processing, you must pair it with its corresponding key. The certificate key pair is then bound to the virtual server and used for SSL processing.
Add a certificate key pair by using the CLI
Note: For information about creating an ECDSA certificate-key pair, see Create an ECDSA certificate-key pair.
At the command prompt, type the following commands to create a certificate key pair and verify the configuration:
- add ssl certKey <certkeyName> -cert <string> [-key <string>]
- show sslcertkey <name>
<!--NeedCopy-->
Example:
> add ssl certKey CertKey-SSL-1 -cert ns-root.cert -key ns-root.key
Done
> show sslcertkey CertKey-SSL-1
Name: CertKey-SSL-1 Status: Valid,
Days to expiration:4811 Version: 3
Serial Number: 00 Signature Algorithm: md5WithRSAEncryption Issuer: C=US,ST=California,L=San
Jose,O=Citrix ANG,OU=NS Internal,CN=de fault
Validity Not Before: Oct 6 06:52:07 2006 GMT Not After : Aug 17 21:26:47 2022 GMT
Subject: C=US,ST=California,L=San Jose,O=Citrix ANG,OU=NS Internal,CN=d efault Public Key
Algorithm: rsaEncryption Public Key
size: 1024
Done
<!--NeedCopy-->
Add a certificate key pair by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL > Certificates.
- In the details pane, click Add.
- In the Install Certificate dialog box, in the Certificate-Key Pair Name text box, type a name for the certificate key pair you want to add, for example, Certkey-SSL-1.
- Under Details, in Certificate File Name, click Browse (Appliance) to locate the certificate. Both the certificate and the key are stored in the /nsconfig/ssl/ folder on the appliance. To use a certificate present on the local system, select Local.
- Select the certificate you want to use, and then click Select.
- In Private Key File Name, click Browse (Appliance) to locate the private key file. To use a private key present on the local system, select Local.
- Select the key you want to use and click Select. To encrypt the key used in the certificate key pair, type the password to be used for encryption in the Password text box.
- Click Install.
- Double-click the certificate key pair and, in the Certificate Details window, verify that the parameters have been configured correctly and saved.
Bind an SSL certificate key pair to the virtual server
After you pairing an SSL certificate with its corresponding key, bind the certificate-key pair to the SSL virtual server so that it can be used for SSL processing. Secure sessions require establishing a connection between the client computer and an SSL-based virtual server on the appliance. SSL processing is then carried out on the incoming traffic at the virtual server. Therefore, before enabling the SSL virtual server on the appliance, you need to bind a valid SSL certificate to the SSL virtual server.
Bind an SSL certificate key pair to a virtual server by using the CLI
At the command prompt, type the following commands to bind an SSL certificate key pair to a virtual server and verify the configuration:
- bind ssl vserver <vServerName> -certkeyName <string>
- show ssl vserver <name>
<!--NeedCopy-->
Example:
> bind ssl vserver Vserver-SSL-1 -certkeyName CertKey-SSL-1
Done
> show ssl vserver Vserver-SSL-1
Advanced SSL configuration for VServer Vserver-SSL-1:
DH: DISABLED
Ephemeral RSA: ENABLED Refresh Count: 0
Session Reuse: ENABLED Timeout: 120 seconds
Cipher Redirect: ENABLED
SSLv2 Redirect: ENABLED
ClearText Port: 0
Client Auth: DISABLED
SSL Redirect: DISABLED
Non FIPS Ciphers: DISABLED
SSLv2: DISABLED SSLv3: ENABLED TLSv1: ENABLED
1) CertKey Name: CertKey-SSL-1 Server Certificate
1) Cipher Name: DEFAULT
Description: Predefined Cipher Alias
Done
<!--NeedCopy-->
Bind an SSL certificate key pair to a virtual server by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL Offload > Virtual Servers.
- Select the virtual server to which you want to bind the certificate key pair, for example, Vserver-SSL-1, and click Open.
- In the Configure Virtual Server (SSL Offload) dialog box, on the SSL Settings tab, under Available, select the certificate key pair that you want to bind to the virtual server. Then click Add.
- Click OK.
- Verify that the certificate key pair that you selected appears in the Configured area.
Configure support for Outlook web access
If you use Outlook Web Access (OWA) servers on your NetScaler appliance, you must configure the appliance to insert a special header field, FRONT-END-HTTPS: ON, in HTTP requests directed to the OWA servers, so that the servers generate URL links as https://
instead of http://
.
Note: You can enable OWA support for HTTP-based SSL virtual servers and services only. You cannot apply it for TCP-based SSL virtual servers and services.
To configure OWA support, do the following:
- Create an SSL action to enable OWA support.
- Create an SSL policy.
- Bind the policy to the SSL virtual server.
Create an SSL action to enable OWA support
Before you can enable Outlook Web Access (OWA) support, you must create an SSL action. SSL actions are bound to SSL policies and triggered when incoming data matches the rule specified by the policy.
Create an SSL action to enable OWA support by using the CLI
At the command prompt, type the following commands to create an SSL action to enable OWA support and verify the configuration:
- add ssl action <name> -OWASupport ENABLED
- show SSL action <name>
<!--NeedCopy-->
Example:
> add ssl action Action-SSL-OWA -OWASupport enabled
Done
> show SSL action Action-SSL-OWA
Name: Action-SSL-OWA
Data Insertion Action: OWA
Support: ENABLED
Done
<!--NeedCopy-->
Create an SSL action to enable OWA support by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL > Policies.
- In the details pane, on the Actions tab, click Add.
- In the Create SSL Action dialog box, in the Name text box, type Action-SSL-OWA.
- Under Outlook Web Access, select Enabled.
- Click Create, and then click Close.
- Verify that Action-SSL-OWA appears in the SSL Actions page.
Create SSL policies
SSL policies are created by using the policy infrastructure. Each SSL policy has an SSL action bound to it, and the action is carried out when incoming traffic matches the rule that has been configured in the policy.
Create an SSL policy by using the CLI
At the command prompt, type the following commands to configure an SSL policy and verify the configuration:
- add ssl policy <name> -rule <expression> -reqAction <string>
- show ssl policy <name>
<!--NeedCopy-->
Example:
> add ssl policy-SSL-1 -rule ns_true -reqaction Action-SSL-OWA
Done
> show ssl policy-SSL-1
Name: Policy-SSL-1 Rule: ns_true
Action: Action-SSL-OWA Hits: 0
Policy is bound to following entities
1) PRIORITY : 0
Done
<!--NeedCopy-->
Create an SSL policy by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL > Policies.
- In the details pane, click Add.
- In the Create SSL Policy dialog box, in the Name text box, type the name of the SSL Policy (for example, Policy-SSL-1).
- In Request Action, select the configured SSL action that you want to associate with this policy (for example, Action-SSL-OWA). The ns_true general expression applies the policy to all successful SSL handshake traffic. However, to filter specific responses, you can create policies with a higher level of detail. For more information about configuring granular policy expressions, see SSL actions and policies.
- In Named Expressions, choose the built-in general expression ns_true and click Add Expression. The expression ns_true now appears in the Expression text box.
- Click Create, and then click Close.
- Verify that the policy is correctly configured by selecting the policy and viewing the Details section at the bottom of the pane.
Bind the SSL policy to the SSL virtual server
After you configure an SSL policy for Outlook Web Access, bind the policy to a virtual server that will intercept incoming Outlook traffic. If the incoming data matches any of the rules configured in the SSL policy, the policy is triggered and the action associated with it is carried out.
Bind an SSL policy to an SSL virtual server by using the CLI
At the command prompt, type the following commands to bind an SSL policy to an SSL virtual server and verify the configuration:
- bind ssl vserver <vServerName> -policyName <string>
- show ssl vserver <name>
<!--NeedCopy-->
Example:
> bind ssl vserver Vserver-SSL-1 -policyName Policy-SSL-1
Done
> show ssl vserver Vserver-SSL-1
Advanced SSL configuration for VServer Vserver-SSL-1:
DH: DISABLED
Ephemeral RSA: ENABLED
Refresh Count: 0
Session Reuse: ENABLED
Timeout: 120 seconds
Cipher Redirect: ENABLED
SSLv2 Redirect: ENABLED
ClearText Port: 0
Client Auth: DISABLED
SSL Redirect: DISABLED
Non FIPS Ciphers: DISABLED
SSLv2: DISABLED SSLv3: ENABLED TLSv1: ENABLED
1) CertKey Name: CertKey-SSL-1 Server Certificate
1) Policy Name: Policy-SSL-1 Priority: 0
1) Cipher Name: DEFAULT Description: Predefined Cipher Alias
Done
<!--NeedCopy-->
Bind an SSL policy to an SSL virtual server by using the GUI
Follow these steps:
- Navigate to Traffic Management > SSL Offload > Virtual Servers.
- In the details pane, select the virtual server (for example, Vserver-SSL-1), and then click Open.
- In the Configure Virtual Server (SSL Offload) dialog box, click Insert Policy, and then select the policy that you want to bind to the SSL virtual server. Optionally, you can double-click the Priority field and type a new priority level.
- Click OK.
Share
Share
In this article
- SSL configuration task sequence
- Enable SSL offload
- Create HTTP services
- Add an SSL based virtual server
- Bind services to the SSL virtual server
- Add a certificate-key pair
- Bind an SSL certificate key pair to the virtual server
- Configure support for Outlook web access
- Create an SSL action to enable OWA support
- Create SSL policies
- Bind the SSL policy to the SSL virtual server
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.