Secure Sockets Layer (SSL) termination at Load Balancer 3 increases performance on the Access Manager level, and simplifies SSL certificate management. Because Load Balancer 3 sends unencrypted data to the Access Manager server, the Access Manager server does not have to perform decryption, and the burden on its processor is relieved. Clients send SSL-encrypted data to Load Balancer 3 which, in turn, decrypts the data and sends the unencrypted data to the appropriate Access Manager server. Load Balancer 3 also encrypts responses from the Access Manager server, and sends these encrypted responses back to the client. To this end, you create an SSL proxy, the gateway for decrypting HTTP requests and encrypting the reply.
SSL communication is terminated at Load Balancer 3 before a request is forwarded to the Access Manager servers.
Before creating the SSL proxy, you should have a certificate issued by a recognized CA.
Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.
Log in with the following information.
username
password
Click Configure your BIG-IP (R) using the Configuration Utility.
In the left pane, click Proxies.
Under the Proxies tab, click Add.
In the Add Proxy dialog, provide the following information.
Check the SSL checkbox.
The IP address of Load Balancer 3.
9443
The secure port number
The IP address of Load Balancer 3.
7070
The non-secure port number
Choose Local Virtual Server.
Choose LoadBalancer-3.example.com.
Choose LoadBalancer-3.example.com.
Check this checkbox.
Click Next.
In the Rewrite Redirects field, choose Matching.
Click Done.
The new proxy server is added to the Proxy Server list.
Log out of the load balancer console.
Access https://LoadBalancer-3.example.com:9443/index.html from a web browser.
If the Web Server index page is displayed, you can access the Web Server using the new proxy server port number, and the load balancer is configured properly.
A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.
Close the browser.
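The browser check above can also be scripted, so that an unrecognized certificate issuer is reported as a result instead of being clicked through. The following Python code is an added example, not part of the original procedure; the function name check_ssl_proxy and the optional CA file argument are assumptions, while the host name and port 9443 are the ones used on this page.

```python
import socket
import ssl
import sys


def check_ssl_proxy(host, port, cafile=None, server_name=None, timeout=5.0):
    """Connect to the SSL proxy and classify the result (hypothetical helper).

    cafile: PEM file holding the CA root certificate; None uses the system store.
    server_name: name to verify in the certificate; defaults to host.
    """
    # The default context verifies the chain and the host name, as a browser does.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            cert = tls.getpeercert()
            issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
            return {
                "status": "ok",
                "protocol": tls.version(),
                "issuer": issuer.get("commonName") or issuer.get("organizationName"),
                "not_after": cert.get("notAfter"),
            }
    except ssl.SSLCertVerificationError as exc:
        # Unknown issuer, expired certificate, or host name mismatch.
        return {"status": "untrusted_certificate", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # For example, the port answers in plain HTTP instead of TLS.
        return {"status": "tls_handshake_failed", "detail": str(exc)}


if __name__ == "__main__":
    # Host and port are the page's; the CA file path is an optional argument.
    ca = sys.argv[1] if len(sys.argv) > 1 else None
    result = check_ssl_proxy("LoadBalancer-3.example.com", 9443, cafile=ca)
    print(result)
    sys.exit(0 if result["status"] == "ok" else 1)
```

A status of untrusted_certificate corresponds to the browser message about an unrecognized issuer; pass the CA root certificate file as the argument rather than turning verification off.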