Methods of handling HTTPS / SSL on the KEMP LoadMaster

When dealing with encrypted traffic, the LoadMaster has three ways handling such requests:

  • SSL pass through:

In this situation the LoadMaster would simply allow the SSL traffic to pass unmodified. The LoadMaster would deliver HTTPS traffic the server.

Note: SSL pass through will be used if SSL Acceleration is not enabled.

  • SSL offloading:

With this configuration, you will need to import your domain's public certificate and key onto the LoadMaster. This will allow the decryption of incoming SSL traffic at the LoadMaster and then the passing of the traffic to the server unencrypted. In order to support this, the servers must expect and allow secured content to be transmitted over HTTP.

Note: SSL offloading will be used if SSL Acceleration is enabled but Reencrypt is not.

  • SSL re-encryption:

This configuration will require your domain's public certificate and key as well. In this setup, the LoadMaster will decrypt the incoming traffic but will also encrypt the traffic before it is sent off to the server. This allows LoadMaster to perform Layer 7 features without needing to make changes to the server.

Note: SSL re-encryption will be used if both SSL Acceleration and Reencrypt are enabled.

Was this article helpful?

1 out of 1 found this helpful