Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACE 4710 HTTPS load balance configuration

Have two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later.

I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?

Any configuration examples would be helpful.

Thanks.

6 REPLIES

ACE 4710 HTTPS load balance configuration

Hi Andy,

The easy way is to terminate the SSL on ACE just for the clients , and between the ACE and the servers you will have HTTP ( clear ) connection - usually the datacenter traffic is could be clear and is some how not a threat.

As for the certificate , this should be copied on both ACE, it is not replicated and is needed for each client connection.

Regards.

Cisco Employee

ACE 4710 HTTPS load balance configuration

IF you terminate SSL on the ACE you need certificates and key on ace in the context in which you are doing the termination. The certs and keys need to be installed on the active and standby (manually unless using anm to manage).

when speaking of SSL

SSL termination refers to ace terminating SSL and sending to server as clear text

end to end - ACE terminates SSL (to look into payload to make a loadbalance decision or sticky decision) and then re-encrypts to the server, so to the client ACE is an ssl server and to the server the ace is an ssl client.

You can find some config examples at

http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples

Community Member

ACE 4710 HTTPS load balance configuration

I am not the Exchange admin, but does OWA work without being HTTPS?

So can I use the same CSR from the primary and get the cert, then install the same certificate on both ACE? Or would I need two CSR's and two certs?

ACE 4710 HTTPS load balance configuration

Community Member

ACE 4710 HTTPS load balance configuration

Thanks for all the help and quick responses.

If the another server requires HTTPS this would require the end-to-end SSL configuration?

ACE 4710 HTTPS load balance configuration

If the server could not run HTTP , then yes.

Regards

Dan

927
Views
0
Helpful
6
Replies
CreatePlease to create content