Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Creating a Virtual Service that utilizes SSL Offloading

 

Information

 

Summary: 

Assistance in creating a new virtual service that is set to use SSL offloading.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

 Need help creating a new virtual service that uses HTTPS on the front end (client to LoadMaster) and then uses HTTP on the back end (LoadMaster to Real Server).

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution: 
  •  The process for adding an SSL-enabled Virtual Service is the same for a regular Virtual Service. First, add the Virtual Service. In the main menu of the LoadMaster WUI, select Virtual Services and Add New. A screen will appear asking to enter the Virtual Address, Port, Service Name and Protocol.
  • The port defaults to port 80, which is the standard HTTP port. If an SSL-enabled Virtual Service is being created, change the port to 443, which is the default HTTPS port. Keep the protocol as tcp, and click Add this Virtual Service.
  •  The Virtual Service properties screen will appear. Among the various sections in this screen is SSL Properties.
  • To enable SSL for this Virtual Service, select the Enabled check box.  A warning will appear saying that a temporary certificate will be used for the service. Click OK.  As soon as SSL is enabled, the LoadMaster will install a self-signed certificate for the Virtual Service until you apply your own imported certificate.  You will have to first import your certificate into the LoadMaster before it may be used on a Service.

  • The check boxes in the Supported Protocols section allow you to specify which protocols should be supported by the Virtual Service for the client side connection. By default, TLS1.1, TLS1.2, and TLS1.3 protocols are enabled and SSLv3 and TLS1.0 are disabled.
  •  When SSL Acceleration is enabled, communication from the LoadMaster to the Real Servers is unencrypted (next to SSL Acceleration, the Re-Encrypt box will be unchecked).  You may add the Real Servers on port 80.
Workaround:  
Notes:

SSL Acceleration Details

How to Import Certificates for a Service using SSL Acceleration


Comments