Configure SSL offloading with end-to-end encryption

September 14, 2021 Contributed by:  S SC

A simple SSL offloading setup terminates SSL traffic (HTTPS), decrypts the SSL records, and forwards the clear text (HTTP) traffic to the back-end web servers. Clear text traffic is vulnerable to being spoofed, read, stolen, or compromised by individuals who succeed in gaining access to the back-end network devices or web servers.

You can, therefore, configure SSL offloading with end-to-end security by re-encrypting the clear text data and using secure SSL sessions to communicate with the back-end web servers.

Configure the back-end SSL transactions so that the appliance uses SSL session multiplexing to reuse existing SSL sessions with the back-end web servers. Reusing sessions avoids CPU-intensive key exchange (full handshake) operations and reduces the overall number of SSL sessions on the server. As a result, it accelerates SSL transactions while maintaining end-to-end security.

To configure an end-to-end encryption deployment, perform the following steps:

  • Create SSL services
  • Create an SSL virtual server
  • Add a certificate-key pair
  • Bind the certificate-key pair to the SSL virtual server
  • Bind the services to the SSL virtual server

For information about adding services, virtual servers, and certificate-key pairs, see SSL offloading configuration.

Sample values used in the configuration are listed in the following table.

| Entity | Name | IP Address | Port |
|---|---|---|---|
| SSL service | service-ssl-1 | 198.51.100.5 | 443 |
| SSL service | service-ssl-2 | 198.51.100.10 | 443 |
| SSL virtual server | vserver-ssl | 203.0.113.5 | 443 |
| SSL certificate-key pair | certkey-1 | NA | NA |

Example:

add service service-ssl-1 198.51.100.5 SSL 443
add service service-ssl-2 198.51.100.10 SSL 443
add lb vserver vserver-ssl SSL 203.0.113.5 443
add ssl certKey certkey-1 -cert server_rsa_1024.pem -key server_rsa_1024.ky
bind ssl vserver vserver-ssl -certkeyName certkey-1
bind lb vserver vserver-ssl service-ssl-1
bind lb vserver vserver-ssl service-ssl-2
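To confirm that a configuration like the one above really re-encrypts the back-end leg, the following added example (not Citrix code, and not part of the original page) parses CLI config text and reports SSL virtual servers bound to services that are not SSL. The `ENCRYPTED_TYPES` set, the function name, and the `vserver-offload-only` / `service-http-1` entries are assumptions constructed for contrast.

```python
import shlex

# Assumption: service types treated as encrypted on the back-end leg.
ENCRYPTED_TYPES = {"SSL", "SSL_TCP"}

# Constructed sample: the page's commands plus one hypothetical offload-only
# virtual server (vserver-offload-only / service-http-1) for contrast.
SAMPLE_CONFIG = """\
add service service-ssl-1 198.51.100.5 SSL 443
add service service-ssl-2 198.51.100.10 SSL 443
add lb vserver vserver-ssl SSL 203.0.113.5 443
bind ssl vserver vserver-ssl -certkeyName certkey-1
bind lb vserver vserver-ssl service-ssl-1
bind lb vserver vserver-ssl service-ssl-2
add service service-http-1 198.51.100.20 HTTP 80
add lb vserver vserver-offload-only SSL 203.0.113.6 443
bind lb vserver vserver-offload-only service-http-1
"""

def audit_end_to_end(config_text):
    """Return sorted (vserver, service, service_type) tuples for SSL virtual
    servers bound to a service that is not encrypted toward the back end."""
    services, vservers, bindings = {}, {}, []
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quotes: skip the line
            continue
        head = [t.lower() for t in tok[:3]]
        if head[:2] == ["add", "service"] and len(tok) >= 6:
            services[tok[2]] = tok[4].upper()      # add service <name> <IP> <type> <port>
        elif head == ["add", "lb", "vserver"] and len(tok) >= 5:
            vservers[tok[3]] = tok[4].upper()      # add lb vserver <name> <type> ...
        elif head == ["bind", "lb", "vserver"] and len(tok) >= 5:
            if not tok[4].startswith("-"):         # skip option-style bindings
                bindings.append((tok[3], tok[4]))
    findings = []
    for vs, svc in bindings:
        if vservers.get(vs) not in ENCRYPTED_TYPES:
            continue                               # front end is not SSL
        # Names not defined by "add service" in this text report as UNKNOWN.
        svc_type = services.get(svc, "UNKNOWN")
        if svc_type not in ENCRYPTED_TYPES:
            findings.append((vs, svc, svc_type))
    return sorted(findings)

if __name__ == "__main__":
    for vs, svc, svc_type in audit_end_to_end(SAMPLE_CONFIG):
        print(f"{vs}: back-end service {svc} is {svc_type}, not end-to-end encrypted")
```

An empty result means every SSL virtual server in the text is bound only to SSL services; an `UNKNOWN` type means the bound name was not defined by an `add service` line in the text that was checked.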


Configure SSL offloading with end-to-end encryption using the GUI

  1. Navigate to Traffic Management > Load Balancing > Services > Add.
  2. Add two services: service-ssl-1 and service-ssl-2.
  3. Navigate to Traffic Management > SSL > Certificates > Install.
  4. Add a certificate-key pair: certkey-1.
  5. Navigate to Traffic Management > Load Balancing > Virtual Servers > Add.
  6. Add a virtual server: vserver-ssl.
  7. Click OK.
  8. Click inside Load balancing Virtual Server Service Binding.
  9. In Select Service, click the arrow.
  10. In the Service dialog box, select service-ssl-1 and service-ssl-2.
  11. Click Select.
  12. Click Bind.
  13. Click Continue.
  14. In the Certificate section, click Server Certificate.
  15. In Select Server Certificate, click the arrow.
  16. In the Server Certificates dialog box, click certkey-1.
  17. Click Select.
  18. Click Bind.
  19. Click Continue.
  20. Click Done.

[Figure: SSL offloading with end-to-end encryption]
