- Configuring SSL Offloading
- Managing Certificates
- Managing Certificate Revocation Lists
- Monitoring Certificate Status with OCSP
- Configuring Client Authentication
- Customizing the SSL Configuration
- Configuring SSL Actions and Policies
- Use Case 1: Configuring SSL Offloading with End-to-End Encryption
- Use Case 2: Configuring Transparent SSL Acceleration
- Use Case 3: Configuring SSL Acceleration with HTTP on the Front End and SSL on the Back End
- Use Case 4: SSL Offloading with Other TCP Protocols
- Use Case 5: Configuring SSL Bridging
- Use Case 6: Configuring SSL Monitoring when Client Authentication is Enabled on the Backend Service
- Use Case 7: Configuring a Secure Content Switching Server
- Ciphers Supported by the NetScaler Appliance
- Cipher/Protocol Support Matrix on the NetScaler Appliance
- FIPS
- Support for Thales nShield® HSM
- Troubleshooting
- SSL FAQs
Use Case 5: Configuring SSL Bridging
May 26, 2015
An SSL bridge configured on the NetScaler appliance enables the appliance to bridge all secure traffic between the SSL client and the SSL server. The appliance does not offload or accelerate the bridged traffic, nor does it perform encryption or decryption. Only load balancing is done by the appliance. The SSL server must handle all SSL-related processing. Features such as content switching, SureConnect, and cache redirection do not work, because the traffic passing through the appliance is encrypted.
Because the appliance does not carry out any SSL processing in an SSL bridging setup, there is no need for SSL certificates.
Citrix recommends that you use this configuration only if an acceleration unit (for example, a PCI-based SSL accelerator card) is installed in the web server to handle the SSL processing overhead.
Before you configure SSL bridging, first enable SSL and load balancing on the appliance. Then, create SSL_Bridge services and bind them to an SSL_Bridge virtual server. Configure the load balancing feature to maintain server persistency for secure requests.
Example
After enabling SSL
and load balancing, create two servers, s1 and s2. Create two SSL_Bridge
services, sc1 and src2. Create an SSL_Bridge virtual server and bind the
SSL_Bridge services to the virtual server to complete the configuration. At the
command line, type:
enable ns feature SSL LB add server s1 10.102.1.101 add server s2 10.102.1.102 add service src1 s1 SSL_BRIDGE 443 add service src2 s2 SSL_BRIDGE 443 add lb vserver ssl_bridge_vip SSL_BRIDGE 10.102.1.200 443 bind lb vserver ssl_bridge_vip src1 bind lb vserver ssl_bridge_vip src2