Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

ProcedureTo Configure a Proxy for SSL Termination at the Distributed Authentication User Interface Load Balancer

Secure communication is terminated and regenerated at the load balancer before forwarding a request to the Distributed Authentication User Interface.

  1. Access, the BIG-IP load balancer login page, in a web browser.

  2. Log in using the following information:





  3. Click Configure your BIG-IP using the Configuration Utility.

  4. In the left pane, click Proxies.

  5. Under the Proxies tab, click Add.

  6. In the Add Proxy dialog, provide the following information:

    Proxy Type:

    Check SSL and ServerSSL.

    Proxy Address:

    The IP address of Load Balancer 3.

    Proxy Service:


    The secure port number

    Destination Address:

    The IP address of Load Balancer 3.

    Destination Service:


    The secure port number

    Destination Target:

    Choose Local Virtual Server.

    SSL Certificate:


    SSL Key:


    Enable ARP:

    Check this box.

  7. Click Next.

    The Insert HTTP Header String page is displayed.

  8. Choose Matching for Rewrite Redirects.

  9. Click Next.

    The Client Cipher List String page is displayed.

  10. Accept the defaults and click Next.

    The Server Chain File page is displayed.

  11. Select OpenSSL_CA_Cert.crt from the drop-down list.

  12. Click Done.

    The new proxy server is now added to the Proxy Server list.

  13. Log out of the load balancer console.

  14. Access from a web browser to verify the configuration.

    Tip –

    A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.

  15. Close the browser.