Cisco ACE End-to-End SSL Configuration !!!

Unanswered Question
May 13th, 2010

Hi,,,

I want to know that what do we need at SSL based Servers to be ready for such type of configuration....

In this configuration, ACE behaves as SSL Client while Load Balalnced Servers are serving as SSL Server. Do they need Certificate or Key to be installed?

I need to advice the customer that what would be required to be configured for Load Balalnced Servers.

Appreciate for the help...

Thanks,,,

Regards,

Mubasher Sultan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dario.didio Fri, 05/14/2010 - 00:54

Hi,

if you speak about end-to-end SSL, you do mean that a client connects to the VIP in SSL, the ACE terminates the SSL connection, performs some load-balancing decisions, reencrypts the traffic and sends it, again encrypted, to the server.

For that to work, you need a key-cert pair to do the SSL termination ==> SSL -proxy server

For the SSL initiation (ACE to server traffic) you do not need a key-cert pair  ==> SSL -proxy client

Take a look at following example on how this is configured:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

HTH,

Dario

Actions

This Discussion