Radware Alteon Application Manual page 349

5. Set the HTTPS virtual service to be used in the defined virtual server.
>> Main# /cfg/slb/virt 1/service https
>> Virtual Server 1 443 https Service# group 1
>> Virtual Server 1 443 https Service# ssl
>> SSL Load Balancing# srvrcert
Current SSL server certificate: none
Enter new SSL server certificate or group
[cert|group|none] [none]: cert
Enter new SSL server certificate: MyCert
>> SSL Load Balancing# sslpol myPol
Note: The back-end server listening port (rport) is set to 443 because you enabled back-end
encryption. For a different network setting, rport can be configured manually. If the back-end
server listening port was previously configured to a specific port, it will not be modified and must
be configured manually if required.
6. Optionally, import an Intermediate CA certificate or group and bind it to the SSL policy. For
details on Intermediate CA certificates and groups, see the section on the
menu in the Alteon Application Switch Operating System Command Reference.
certs
To bind the intermediate CA certificate to the SSL policy use the following command:
>> Main# /cfg/slb/ssl/sslpol myPol
>> SSL Policy myPol# intermca <cert|group> <cert/
group ID>
7. Enable DAM or configure proxy IP addresses and enable proxy on the client port.
8. When using HTTP SSL offloading with back-end encryption enabled, Radware recommends using
multiplexing to minimize the server load of performing new SSL handshakes. For more details on
multiplexing, see Content-Intelligent Connection Management, page
Example 4: Configuring an SSL Offloading Service for Multiple Domains on the
Same Virtual IP Using Server Name Indication (SNI)
To configure SSL offloading for multiple domains behind a single virtual IP, SSL handshake server
name indication (SNI) is used.
1. Before you can configure an SSL offloading service, ensure that Alteon is configured for basic
SLB:
— Assign an IP address to each of the real servers in the server pool.
— Define an IP interface.
— Define each real server.
— Assign servers to real server groups.
— Enable SLB.
— Define server port and client port.
Document ID: RDWR-ALOS-V2900_AG1302
Alteon Application Switch Operating System Application Guide
Offloading SSL Encryption and Authentication
(Define the HTTPS service)
(Associate the servers group to
be used in that service)
(Switch to SSL menu under
HTTPS service)
(Associate the defined server
certificate)
(Associate the defined SSL policy)
(Enter the defined SSL policy)
(Select the intermediate CA
certificate or group to be used)
/cfg/slb/ssl/
277.
349