SSL queries

0

Hi,

Before the deployment of Kemp LB, I have already purchase a Public cert for one of the server. So with the deployment Kemp LB, do I need to import the public cert of the server or I just need to purchase another Public cert for the Kemp LB.

Currently I have several SubVSs under the single IP and I have enabled SSL with encryption.

 

2 comments

Avatar
Christian Scheller Official comment

Hello Steven,

we appreciate the fact that this issue has been solved for you. However, for the sake of other community users, let me answer that question anyway:

 

As the Loadbalancers virtual IP address for your service is registered in DNS, this is where the certificate you purchased has to be imported. For re-encryption of the data stream the Loadmaster will behave like an ordinary SSL-client to the real server, accepting any certificate. So we are looking at two connections here, one from the user to the Loadbalancer, and another one from the Loadbalancer to the real server. From a users point of view, only their own connection is visible, anything behind it is intransparent.

 

Hope this helps, Best Regards
Christian Scheller

 

Avatar
0
stevensou

Resolved.