Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

Specifying different certificates on the front and back end

Updated

 

Information

 

Summary: 

Is it possible to use a different certificate on the LoadMaster compared to the certificate that exists on the real server?
Environment:

Product: LM

Version: Any

Platform: Any

Application: Any
Question/Problem Description: 

Is it possible to use a wildcard certificate on the virtual service and a specific server AD-generated certificate on the real server?
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

This would not be possible through the LoadMaster.
The certificate being used on the front end between the client and LoadMaster will also need to be used on the backend between the LoadMaster and the real server.
It would not be possible to configure the LoadMaster to look for and use a different certificate when passing on the traffic to the real server.
 
The LoadMaster can handle multiple certificates on a single virtual service, including a wild card certificate. The LoadMaster will know which SSL certificate to use based on the hostname(s) of the client request made.
If the certificate is not available on the LoadMaster, it will not be able to use that certificate on the backend. 
Workaround:  Disabling SSL offloading or re-encryption so the LM is just passing traffic through to the server. This way the certificate will not need to exist on the LM and the certificate on the server will be utilized. 
Notes:  
Was this article helpful?
0 out of 0 found this helpful

Comments

In this document