ServiceNOW SSL Offload

0

Creating post at Mike Bomba's request. 

 

To set up VS for ServiceNOW offloaded, set up as normal VS, offloaded to 80, then follow this document to create a location header modification rule. 

 

https://support.kemptechnologies.com/hc/en-us/articles/203025339-Replacing-the-Rewrite-Rules-functionality-using-Replace-Header-rules

 

ServiceNow requires that this be in place to work .

 

Otherwise, no other special configuration required. 

1 comment

Avatar
0
mbomba

If using a current LoadMaster OS build (e.g. 7.2.43) then the following is possible.

The following template was created to support a federal user configuring LoadMaster to provide https access to ServiceNow. The ServiceNow servers were not configured for https due to the difficulty in adding Federal certificates to the ServiceNow servers. Instead, a KEMP  LoadMaster was configured in the path to accept https connections, decrypt, and send the resulting http traffic to the ServiceNow servers. 

The template has a body modification rules as there are embedded http objects in the ServiceNow application. Since the user connects only over https, there was no path to these http objects. To fix this the KEMP appliance rewrote all http objects in a web page to https. This allowed the user to select these objects and connect via https to the KEMP appliance. 

KEMP templates are simple text (ascii) files that contain instructions for the automatic creation of a virtual service. Templates created from an existing virtual service normally use the .txt suffix. The process to create a template for ServiceNow is listed below.

Create a new ascii (text) file named ServiceNow.txt

Cut and paste the below into the ServiceNow.txt file

Using the KEMP Web UI, under VIrtual Services/Templates - upload this template.

Create a new virtual service and select this template. All you need to do now is add the real servers (your ServiceNow IIS servers) and test.

YOU MAY NEED TO SET A DIFFERENT PERSISTENCE MODE FOR THIS VIRTUAL SERVICE

--------CUT BELOW-----

 

%TYPE% VS
%NAME% ServiceNow
%COMMENT% Generated by vipdump $Revision: 16279 $
%PORT% 443
%PROT% tcp
%TVERSION% 4

rules
add "ServiceNowRewrite_2088_10045_%RAND%"
type replacebody
value "/http:\/\//"
replacement "https://"
exit

exit
vip tcp/%VIP%+%PORT%
name "%REALNAME%"
mtype "http"
sslaccel
tlstype 1
cipherset "Default"
forcel7
cookie "test"
healthcheck "tcp"
persist "cookie-src"
schedule "rr"
ptimeout 28800
errcode 302
checkurl "/"
checkversion 1
checkport 16000
addbrule ServiceNowRewrite_2088_10045_%RAND%
exit

------------- CUT ABOVE ------------