Two way SSL

ssl two way


#1 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 01 April 2016 - 03:09 AM

1. Configure the www.test.com service to use one-way SSL.

2. For a particular URL which goes through the internet security junction, for example www.test.com/api/notifications/smsCallback, configure two-way SSL.

Can this be done in the LB?



#2 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 01 April 2016 - 04:09 AM

Hello Sajeev,

 

Are you referring to SSL communication over the front end (between ADC and client) and back end (between ADC and real server) as two-way SSL configuration?

If yes, then it can be achieved with content rules.

1) Please create a content rule to match the URL /api/notifications/smsCallback

2) Under this content rule, configure the real server (edit the respective server settings under the content rule on the ADC) and enable SSL under server SSL configuration.

This would ensure that the communication would be over SSL between the ADC and real server.

 

Do post if you have any questions, thank you.

 

 

Regards,

Kaushik



#3 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 01 April 2016 - 05:14 AM

Hi Kaushik,

 

  This is the implementation that we want. Can this be configured in LB?

 

http://www.ossmentor.com/2015/03/one-way-and-two-way-ssl-and-tls.html



#4 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 07 April 2016 - 05:04 AM

Hello Sajeev,

 

Yes, this can be achieved on the ADC.

 

Please refer to the below steps:

 

Import the CA Certificate to the Barracuda Load Balancer ADC

The Trusted CA certificate needs to be uploaded in the BASIC > Certificates > Upload Trusted (CA) Certificate section.

Enable Client Authentication on the Barracuda Load Balancer ADC

To be able to use the CA certificate for validating client certificates, client authentication should first be enabled.

Steps to enable client authentication:
  1. Go to the BASIC > Services page.
  2. In the Configured Virtual Services section, identify the service for which you want to enable client authentication.
  3. Click Edit next to the service. In the Service edit page, scroll down to the SSL section.
  4. Set Enable Client Authentication and Enforce Client Certificate to Yes.
  5. Select the check box(es) next to the Trusted Certificates parameter.

 

Upon enforcing the client certificate in Step 4, the service would be accessible only to users who present a client certificate. If a client certificate is not presented, then access would be denied.

 

Do post if you have any questions, thank you.

 

 

Regards,

Kaushik
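
The trusted-CA check that the steps above turn on, reproduced locally with the openssl CLI as an added example (not part of the original reply and not Barracuda's implementation). The file names, certificate subjects and the `make_pki` / `decide_access` helpers are assumptions made for this lab.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: every subject, file name and helper here is an assumption.

make_pki() {  # $1 = scratch directory
  local d="$1"
  # CA that would be uploaded as the Trusted (CA) Certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Trusted CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Client certificate issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sms-gateway" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
  # Same subject name, but self-signed: it does not chain to the trusted CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sms-gateway" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Model of a service with client authentication enforced.
# $1 = trusted CA file, $2 = client certificate file (empty if none presented)
decide_access() {
  local ca="$1" cert="${2:-}"
  if [ -z "$cert" ]; then
    echo "deny: no client certificate presented"
  elif openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "allow"
  else
    echo "deny: certificate not issued by a trusted CA"
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d"
  decide_access "$d/ca.pem" "$d/client.pem"   # issued by the trusted CA
  decide_access "$d/ca.pem" "$d/other.pem"    # matching name, wrong issuer
  decide_access "$d/ca.pem" ""                # nothing presented
  rm -rf "$d"
}

demo
```

Against the live service, the same three cases are checked with `openssl s_client -connect <host>:443`, with and without `-cert`/`-key`.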



#5 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 13 April 2016 - 05:22 AM

Hi Kaushik,

 

Thank you for the reply. Can we configure this for a certain URL junction?

Example: www.test.com/portal/apps/us1

When a user hits this URL "www.test.com/portal/apps/us1", it has to do two-way authentication. The rest of the URLs in that domain shouldn't do any two-way authentication.

 

Is this possible?