Chapter 11
Client and Traffic Server connections
Figure 11-2 illustrates communication between a client and Traffic Server, and between Traffic Server and
an origin server, when the SSL termination option is enabled and configured for client/Traffic Server
connections only.
1. The client sends an HTTPS request for content. Traffic Server receives the request and performs
the SSL handshake to authenticate the client (depending on the authentication options configured)
and to determine the encryption method to be used.
If the client is allowed access, Traffic Server checks its cache for the requested content.
2. If the request is a cache hit and the content is fresh, Traffic Server encrypts the content and
sends it to the client, where it is decrypted (using the method determined during the handshake)
and displayed.
3. If the request is a cache miss or the content is stale, Traffic Server communicates with the origin server via
HTTP and obtains the plain text version of the content. Traffic Server saves the plain text version
of the content in its cache, and then encrypts the content and sends it to the client, where it is
decrypted and displayed.
Figure 11-2. Client and Traffic Server communication using SSL termination
[Figure 11-2 callouts: 1 HTTPS request from the client to Traffic Server; 2 encrypted secure connection between the client and Traffic Server; 3 HTTP between Traffic Server and the origin server]
To configure Traffic Server to use the SSL termination option for client/Traffic Server connections:
Obtain and install an SSL server certificate from a recognized certificate authority (such as VeriSign). The
SSL server certificate contains information that allows the client to authenticate Traffic Server and
exchange secret encryption keys.
Set configuration variables in the records.config file to:
o Enable the SSL termination option
o Set the port number used for SSL communication
o Specify the filename and location of the server certificate
o Configure the use of client certificates (optional)
Client certificates are located on the client. If you configure Traffic Server to require client certificates,
Traffic Server verifies the client certificate during the SSL handshake to authenticate the client. This
authentication process is transparent to the user. If you configure Traffic Server not to require client
certificates, access to Traffic Server is managed through access control lists and other Traffic Server
options that have been set (for example, rules in the ip_allow.config file and LDAP-based proxy
authentication).
o Specify the file name and location of Traffic Server's private key (if the private key is not located
in the server certificate file)
Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys.
The private key must be stored and protected against theft.
o Configure the use of certification authorities (CAs) (optional)
CAs provide added security when using client certificates by verifying the identity of the person
requesting a certificate.
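The request flow of Figure 11-2 and the access decision made at handshake time (client certificate when required, ip_allow rules otherwise), modelled as an added example; this is not Traffic Server code, and the class names, the ip_allow list, the origin callback and every sample value are hypothetical. The trace it returns makes visible which leg is encrypted and that the cached copy is kept in plain text, as the steps above describe.

```python
"""Model of the SSL-termination flow described above: TLS on the client leg,
plain HTTP on the origin leg, plain-text objects in the cache.  Added
illustration, not Traffic Server code; every name here is hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class CachedObject:
    body: str           # kept in plain text, as the manual describes
    stored_at: float    # time the object was cached (seconds)
    max_age: float      # freshness lifetime granted by the origin (seconds)


@dataclass
class Request:
    client_ip: str
    url: str
    client_cert_subject: Optional[str] = None   # None = no client certificate sent


@dataclass
class TerminationProxy:
    require_client_cert: bool
    ip_allow: List[str]                  # stands in for ip_allow.config rules
    trusted_cert_subjects: List[str]     # client certs the configured CA vouches for
    origin: Callable[[str], Tuple[str, float]]   # plain-HTTP fetch: (body, max_age)
    clock: Callable[[], float]
    cache: Dict[str, CachedObject] = field(default_factory=dict)

    def authenticate(self, req: Request) -> bool:
        """Handshake-time decision: client cert when required, ACL otherwise."""
        if self.require_client_cert:
            return req.client_cert_subject in self.trusted_cert_subjects
        return req.client_ip in self.ip_allow

    def handle(self, req: Request) -> Tuple[Optional[str], List[str]]:
        """Return (body sent to the client or None, ordered list of steps taken)."""
        trace = ["tls-handshake"]
        if not self.authenticate(req):
            trace.append("access-denied")
            return None, trace
        now = self.clock()
        obj = self.cache.get(req.url)
        if obj is not None and now - obj.stored_at <= obj.max_age:
            trace.append("cache-hit-fresh")
        else:
            trace.append("cache-miss-or-stale")
            body, max_age = self.origin(req.url)    # cleartext HTTP to the origin
            trace.append("origin-fetch-http-plaintext")
            obj = CachedObject(body, now, max_age)
            self.cache[req.url] = obj               # stored unencrypted
            trace.append("cache-store-plaintext")
        trace.append("encrypt-and-send-to-client")  # only this leg is protected
        return obj.body, trace


def demo() -> List[List[str]]:
    """Run the three Figure 11-2 cases plus a denied client (constructed data)."""
    now = [1000.0]                       # mutable fake clock
    proxy = TerminationProxy(
        require_client_cert=False,
        ip_allow=["10.0.0.5"],           # constructed allow list
        trusted_cert_subjects=[],
        origin=lambda url: ("<html>hello</html>", 60.0),   # constructed origin
        clock=lambda: now[0],
    )
    ok = Request("10.0.0.5", "http://origin.example/index.html")
    traces = []
    traces.append(proxy.handle(ok)[1])   # miss -> origin -> store -> encrypt
    traces.append(proxy.handle(ok)[1])   # hit, fresh -> encrypt
    now[0] += 120.0                      # past max_age: the cached copy is stale
    traces.append(proxy.handle(ok)[1])   # stale -> origin again
    traces.append(proxy.handle(Request("192.0.2.9", ok.url))[1])  # not in ip_allow
    return traces


if __name__ == "__main__":
    for t in demo():
        print(" -> ".join(t))
```

Switching `require_client_cert` to True makes the handshake step consult the trusted subjects instead of the allow list, which is the distinction the configuration steps above draw between client-certificate authentication and ip_allow.config rules.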
Security Options