
Configure SSL monitoring when client authentication is enabled on the backend service

Consider a scenario in which you need to load balance servers that require SSL client certificates to validate clients. For this deployment, you need to create an SSL service on the Citrix ADC appliance, add an HTTPS monitor, add a certificate-key pair, bind this certificate-key pair to the SSL service, and then bind the HTTPS monitor to this service. You can use this HTTPS monitor to perform health checks on the backend services.

Configure SSL monitoring with client certificate

  1. Open an SSH connection to the appliance by using an SSH client, such as PuTTY.

  2. Log on to the appliance by using the administrator credentials.

  3. Add an SSL service. At the command prompt, type:

    add service <name> <serverName> <serviceType> <port>
    
  4. Add an HTTPS monitor, that is, an HTTP monitor with the secure option enabled so that probes are sent over SSL. At the command prompt, type:

    add lb monitor <name> <type> -secure YES
    
  5. Add the certificate-key pair that is going to be used as the client certificate for that SSL service. At the command prompt, type:

    add ssl certKey <certkeyName> -cert <string> -key <string>
    
  6. Bind this certificate-key pair to the SSL service. At the command prompt, type:

    bind ssl service <serviceName> -certkeyName <string>
    
  7. Bind the HTTPS monitor to the SSL service. At the command prompt, type:

    bind service <name> -monitorName <string>
    

Example:

    add service ssl_svc 198.51.100.100 SSL 443
    Done

    add lb monitor ssl_mon HTTP -secure YES
    Done

    add ssl certKey abccert -cert serverabc.pem -key serverabc.ky
    Done

    bind ssl service ssl_svc -certkeyName abccert
    Done

    bind service ssl_svc -monitorName ssl_mon
    Done
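
A pre-flight check for the certificate-key pair added in step 5, as an added example that is not part of the Citrix documentation: it confirms that the key belongs to the certificate and that the certificate is not about to expire, because a backend that enforces client authentication rejects the monitor's handshake once the client certificate is no longer valid. It assumes the `openssl` command-line tool, PEM files with an unencrypted key, and a 30-day threshold; all function names are hypothetical and the sample pair is constructed.

```sh
#!/bin/sh
# Added example, not Citrix code. Pre-flight checks for a PEM certificate and
# unencrypted key before `add ssl certKey`. Function names are hypothetical.

# True when the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints one verdict line. Returns 0 (ok), 1 (key mismatch) or 2 (expiring).
preflight() {
    cert=$1; key=$2; min_days=${3:-30}   # 30-day default is an assumption
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $key is not the private key for $cert"; return 1
    fi
    if ! cert_valid_for_days "$cert" "$min_days"; then
        echo "FAIL: $cert expires within $min_days days"; return 2
    fi
    echo "OK: $cert and $key match; valid for more than $min_days days"
}

# Constructed sample input: a throwaway self-signed pair valid for $2 days.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=adc-monitor-sample" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample_pair "$demo_dir/good" 365
make_sample_pair "$demo_dir/short" 5
preflight "$demo_dir/good.pem" "$demo_dir/good.key" || true    # OK
preflight "$demo_dir/good.pem" "$demo_dir/short.key" || true   # key mismatch
preflight "$demo_dir/short.pem" "$demo_dir/short.key" || true  # expiring
rm -rf "$demo_dir"
```

Run `preflight <cert> <key> [days]` against the real files before loading them, and repeat the expiry check on a schedule so a lapsing client certificate is caught before the health checks start failing.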