SSL policy binding

You can bind SSL policies globally or to an SSL virtual server. Globally bound policies are evaluated after all policies bound to services, virtual servers, or other NetScaler bind points are evaluated. If the incoming data matches any of the rules configured in the SSL policy, the policy is triggered and the action associated with it is carried out.

When binding an SSL policy to a virtual server, you must select from one of the following bind points:

Similarly, when unbinding a policy from a virtual server, you must specify the bind point.

Bind an SSL policy globally by using the CLI

At the command prompt, type the following commands to bind a global SSL policy and verify the configuration:

bind ssl global -policyName <string> [-priority <positive_integer>]
show ssl global

Example:

bind ssl global -policyName Policy-SSL-2 -priority 90
Done
sh ssl global
     1) Name: Policy-SSL-2 Priority: 90
     2) Name: Policy-SSL-1 Priority: 100
Done

Bind an SSL policy globally by using the GUI

  1. Navigate to Traffic Management > SSL > Policies.
  2. In the details pane, click Global Bindings.
  3. In the Bind/Unbind SSL Policies to Global dialog box, click Insert Policy.
  4. In the Policy Name drop-down list, select a policy.
  5. Optionally, drag the entry to a new position in the policy bank to automatically update the priority level.
  6. Click OK. A message appears in the status bar, stating that the policy has been bound successfully.

Bind or unbind an SSL policy to a virtual server by using the CLI

At the command prompt, type the following commands to bind an SSL policy to a virtual server, or to unbind it, and verify the configuration:

bind ssl vserver <vServerName> -policyName <string> -priority <positive_integer> -type <type>

unbind ssl vserver <vServerName> -policyName <string> -priority <positive_integer> -type <type>

Example:

bind ssl vserver v1 -policyName pol1 -priority 1 -type CLIENTHELLO_REQ
unbind ssl vserver v1 -policyName pol1 -priority 1 -type CLIENTHELLO_REQ
show ssl vserver vs-server

Advanced SSL configuration for VServer vs-server:
DH: DISABLED
Ephemeral RSA: ENABLED          Refresh Count: 1000
Session Reuse: ENABLED          Timeout: 120 seconds
Cipher Redirect: DISABLED
SSLv2 Redirect: DISABLED
ClearText Port: 80
Client Auth: DISABLED
SSL Redirect: ENABLED
SSL-REDIRECT Port Rewrite: ENABLED
Non FIPS Ciphers: DISABLED
SSLv2: DISABLED SSLv3: ENABLED  TLSv1: ENABLED
1)      Policy Name: ssl-policy-1        Priority: 10
1)      Cipher Name: DEFAULT
            Description: Predefined Cipher Alias
Done
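
The following added example (not part of the original documentation or of NetScaler itself) parses captured `show ssl vserver` and `show ssl global` output in the format shown above, lists the bound policies in the order they would be evaluated, and reports bindings missing from an approved baseline. It assumes that within one bind point the lower priority number is evaluated first; the `APPROVED` baseline and all function names are hypothetical.

```python
import re

# Constructed sample input, copied from the two CLI outputs on this page.
SHOW_SSL_GLOBAL = """\
     1) Name: Policy-SSL-2 Priority: 90
     2) Name: Policy-SSL-1 Priority: 100
Done
"""
SHOW_SSL_VSERVER = """\
Advanced SSL configuration for VServer vs-server:
SSLv2: DISABLED SSLv3: ENABLED  TLSv1: ENABLED
1)      Policy Name: ssl-policy-1        Priority: 10
1)      Cipher Name: DEFAULT
            Description: Predefined Cipher Alias
Done
"""
# Hypothetical baseline of (scope, policy name) pairs approved for this appliance.
APPROVED = {("vserver", "ssl-policy-1"), ("global", "Policy-SSL-1")}

# Matches "N) Name: X Priority: P" and "N) Policy Name: X Priority: P".
# "N) Cipher Name: DEFAULT" is skipped: wrong label and no Priority field.
BINDING = re.compile(r"^\s*\d+\)\s+(?:Policy )?Name:\s+(\S+)\s+Priority:\s+(\d+)\s*$")

def parse_bindings(output):
    """Return [(policy_name, priority)] found in show-command output."""
    matches = (BINDING.match(line) for line in output.splitlines())
    return [(m.group(1), int(m.group(2))) for m in matches if m]

def evaluation_order(vserver_output, global_output):
    """Virtual-server bindings first, then global ones, as the page states.
    Assumption: within a bind point, the lower priority number runs first."""
    order = []
    for scope, text in (("vserver", vserver_output), ("global", global_output)):
        for name, prio in sorted(parse_bindings(text), key=lambda b: b[1]):
            order.append((scope, prio, name))
    return order

def unexpected_bindings(order, approved):
    """Bindings present on the appliance but missing from the baseline."""
    return [b for b in order if (b[0], b[2]) not in approved]

if __name__ == "__main__":
    order = evaluation_order(SHOW_SSL_VSERVER, SHOW_SSL_GLOBAL)
    for scope, prio, name in order:
        print(f"{scope:8} {prio:5} {name}")
    print("not in baseline:", unexpected_bindings(order, APPROVED))
```

Running the check against saved output after each configuration change shows when a policy has been bound that nobody approved, and where it sits in the evaluation order.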

Bind an SSL policy to a virtual server by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open an SSL virtual server.
  2. In Advanced Settings, select SSL Policy. Click in the SSL Policy section to bind a policy to the virtual server.
  3. In the Policy Binding page, select an existing policy or add a new policy.
  4. Specify priority and type (bind point) for the policy.
  5. Click Bind.
  6. Click Done.