To Configure a Proxy for SSL Termination at the Distributed Authentication User Interface Load Balancer

Secure communication is terminated and regenerated at the load balancer before forwarding a request to the Distributed Authentication User Interface.

1. Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.

2. Log in using the following information:

   Username

   username

   Password

   password

3. Click Configure your BIG-IP using the Configuration Utility.

4. In the left pane, click Proxies.

5. Under the Proxies tab, click Add.

6. In the Add Proxy dialog, provide the following information:

   Proxy Type:

   Check SSL and ServerSSL.

   Proxy Address:

   The IP address of Load Balancer 3.

   Proxy Service:

   1443

   The secure port number

   Destination Address:

   The IP address of Load Balancer 3.

   Destination Service:

   9443

   The secure port number

   Destination Target:

   Choose Local Virtual Server.

   SSL Certificate:

   Choose lb-3.example.com.

   SSL Key:

   Choose lb-3.example.com.

   Enable ARP:

   Check this box.

7. Click Next.

   The Insert HTTP Header String page is displayed.

8. Choose Matching for Rewrite Redirects.

9. Click Next.

   The Client Cipher List String page is displayed.

10. Accept the defaults and click Next.

    The Server Chain File page is displayed.

11. Select OpenSSL_CA_Cert.crt from the drop-down list.

12. Click Done.

    The new proxy server is now added to the Proxy Server list.

13. Log out of the load balancer console.

14. Access https://lb-3.example.com:1443/index.html from a web browser to verify the configuration.

    ---

    Tip –

    A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.

    ---

15. Close the browser.