Hi, I am currently trying to set up SSL termination for a Hyperion system that is using clear text at the back end. The SSL offloading is working fine, but the issue is that after a client login, the application requests certain locations as http rather than https. I initially thought that this would need SSL rewrite, but I now don't believe that it's a redirect from the server that is sent, therefore I can't use ssl rewrite.
Ive tried some HTTPS redirections, and while the theory would work, the URL matching seems complicated, and some matches work while others don't seem to - /workspace.* works, but the more important /Hyperion.* doesn't. Aside from this it would seem pretty messy to redirect every individual http request to https?
Has anyone any experience of these setups? From what I have read outboard SSL termination isn't officially supported by Oracle for this product, but I'm sure some people must be doing it?
Thanks Gilles. I have managed to get a decoded trace, and can now clearly see that the server is using relative links, and does in fact send a HTTP 302 found redirect to the client. The Location: field states HTTP rather than HTTPS, so it looks like the URL rewrite feature is what I need to use.
What am I doing wrong in getting this to work? I am matching on all locations (.*), so that shouldn't be an issue. My ports are both non-standard, so the command is ssl url rewrite location .* sslport xxxxx clearport xxxxx. If I perform show service-policy detail, I can see that the action has many hits:
HTTP modify action : REWRITE_TO_SSL
hit count : 10
dropped conns : 0
but I never see the HTTP rewrite statistics increasing? Yesterday someone suggested that some servers use location as a non-capitalised field, but I tried this workaround as well with no success. Do you have any ideas at all?
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...