To Create an SSL Proxy for SSL Termination at the User Data Load Balancer 1

SSL communication is terminated at Load Balancer 1. The request is then re-encrypted and securely forwarded to the SSL port of the Directory Server user data instance. Load Balancer 1 also encrypts the responses it receives back from the user data instance, and sends these encrypted responses back to the client. Towards this end create an SSL proxy for SSL termination and regeneration.

Before You Begin

You should have a root certificate issued by a recognized CA.

1. Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.

2. Log in with the following information.

   User name:

   username

   Password:

   password

3. Click Configure your BIG-IP (R) using the Configuration Utility.

4. In the left pane, click Proxies.

5. Under the Proxies tab, click Add.

6. In the Add Proxy dialog, provide the following information.

   Proxy Type:

   Check the SSL and ServerSSL checkbox.

   Proxy Address:

   The IP address of Load Balancer 1.

   Proxy Service:

   489

   The secure port number

   Destination Address:

   The IP address of Load Balancer 1.

   Destination Service:

   490

   The non-secure port number

   Destination Target:

   Choose Local Virtual Server.

   SSL Certificate:

   Choose lb-1.example.com.

   SSL Key:

   Choose lb-1.example.com.

   Enable ARP:

   Check this checkbox.

7. Click Next.

8. On the page starting with “Insert HTTP Header String,” change to Rewrite Redirects and choose Matching.

9. Click Next.

10. On the page starting with “Client Cipher List String”, accept the defaults.

11. Click Next.

12. On the page starting with “Server Chain File,” change to Server Trusted CA's File and select “OpenSSL_CA_Cert.crt” from the drop-down list.

13. Click Done.

    The new proxy server is added to the Proxy Server list.

14. Log out of the load balancer console.