Configure SSL monitoring when client authentication is enabled on the back-end service
Consider a scenario in which you need to load balance servers that require SSL client certificates to validate clients. For this deployment, add the following configuration:
- Create an SSL service on the NetScaler appliance
- Add an HTTPS monitor
- Add a certificate-key pair
- Bind this certificate-key pair to the SSL service
- Bind the HTTPS monitor to this service.
You can use this HTTPS monitor to perform health checks on the back-end services.
Configure SSL monitoring with client certificate
- Open an SSH connection to the appliance by using an SSH client, such as PuTTY.
- Log on to the appliance by using the administrator credentials.
- Add an SSL service. At the command prompt, type:
    add service <name> <serverName> <serviceType> <port>
- Add an HTTPS monitor. At the command prompt, type:
    add lb monitor <name> <type>
- Add the certificate-key pair that is going to be used as the client certificate for that SSL service. At the command prompt, type:
    add ssl certKey <certkeyName> -cert <string> -key <string>
- Bind this certificate-key pair to the SSL service. At the command prompt, type:
    bind ssl service <serviceName> -certkeyName <string>
- Bind the HTTPS monitor to the SSL service. At the command prompt, type:
    bind service <name> -monitorName <string>
Example:
    add service ssl_svc 198.51.100.100 SSL 443
    Done
    add lb monitor ssl_mon HTTP -secure YES
    Done
    add ssl certKey abccert -cert serverabc.pem -key serverabc.ky
    Done
    bind ssl service ssl_svc -certkeyName abccert
    Done
    bind service ssl_svc -monitorName ssl_mon
    Done
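To confirm that every SSL service received all the steps of this procedure, the following added example (not Citrix code) audits configuration text for SSL services that lack a bound certificate-key pair, a bound monitor, or a secure monitor. The sample configuration is constructed, the `audit` and `opt` names are hypothetical, and treating an HTTPS monitor as an HTTP-type monitor with `-secure YES` is an assumption not shown in the procedure above.

```python
import shlex
from collections import defaultdict
# Constructed sample configuration (not taken from a real appliance).
SAMPLE_CONF = """\
add service ssl_svc 198.51.100.100 SSL 443
add service ssl_svc2 198.51.100.101 SSL 443
add lb monitor ssl_mon HTTP -secure YES
add lb monitor plain_mon HTTP
add ssl certKey abccert -cert serverabc.pem -key serverabc.ky
bind ssl service ssl_svc -certkeyName abccert
bind service ssl_svc -monitorName ssl_mon
bind service ssl_svc2 -monitorName plain_mon
"""

def opt(tokens, flag):
    """Return the value that follows -flag (case-insensitive), or None."""
    low = [x.lower() for x in tokens]
    return tokens[low.index(flag.lower()) + 1] if flag.lower() in low[:-1] else None

def audit(conf):
    """Map each SSL service to the procedure steps its configuration is missing."""
    ssl_svcs, secure, certkeys, svc_cert, svc_mons = [], {}, set(), {}, defaultdict(list)
    for line in conf.splitlines():
        t = shlex.split(line)
        head = [x.lower() for x in t[:3]]
        if head[:2] == ["add", "service"] and len(t) >= 5 and t[4].upper() == "SSL":
            ssl_svcs.append(t[2])
        elif head == ["add", "lb", "monitor"] and len(t) >= 5:
            # Assumption: an HTTPS probe is an HTTP-type monitor with -secure YES.
            secure[t[3]] = (opt(t, "-secure") or "NO").upper() == "YES"
        elif head == ["add", "ssl", "certkey"] and len(t) >= 4:
            certkeys.add(t[3])
        elif head == ["bind", "ssl", "service"] and opt(t, "-certkeyName"):
            svc_cert[t[3]] = opt(t, "-certkeyName")
        elif head[:2] == ["bind", "service"] and opt(t, "-monitorName"):
            svc_mons[t[2]].append(opt(t, "-monitorName"))
    findings = {}
    for svc in ssl_svcs:
        issues = []
        if svc not in svc_cert:
            issues.append("no certificate-key pair bound")
        elif svc_cert[svc] not in certkeys:
            issues.append(f"certKey {svc_cert[svc]} is not defined")
        if not svc_mons[svc]:
            issues.append("no monitor bound")
        issues += [f"monitor {m} lacks -secure YES" for m in svc_mons[svc] if not secure.get(m)]
        if issues:
            findings[svc] = issues
    return findings
```

Call `audit()` on the text of a saved configuration; an empty result means each SSL service has a defined certificate-key pair and at least one secure monitor bound.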