Alteon Application Switch Operating System Application Guide
Offloading SSL Encryption and Authentication
350 Document ID: RDWR-ALOS-V2900_AG1302
— Define virtual server.
For more information on how to configure Alteon for SLB, see Server Load Balancing, page 165
.
2. Create or import SSL server certificates of all the servers that are SSL offloaded according to
Example 1: Configuring a Basic SSL Offloading Service, page 343
.
3. Create a certificate group that includes all the server certificates to be used in this VIP.
4. Optionally, define a default certificate that to be used for browsers or clients not supporting SNI:
This certificate can include the various domains for which you do SSL-offloading, using wildcard
domain names or a Subject Alternative Name (SAN).
5. Associate the server certificate group to a virtual service according to Example 1: Configuring a
Basic SSL Offloading Service, page 343 with the following change:
/cfg/slb/ssl/certs/
>> Certificate Repository# group/
Enter group id: 1
(Enter the Group menu)
>> 4416-2 - Group 1# type
Current certificate group type: intermca
Enter new certificate group type
[srvrcert|trustca|intermca]: srvrcert
(Select the Group type of the
Server Certificate Group)
>> 4416-2 - Group 1# add
Enter certificate ID:servercert1
Certificate servercert1 is added to group 1
>> 4416-2 - Group 1# add
Enter certificate ID:servercert2
Certificate servercert2 is added to group 1
(Add the server certificate)
(Press the tab key to list all
existing server certificates or for
name completion)
/cfg/slb/ssl/certs/group
>> Group 1# default
Current default srvrcert certificate:
Enter new default server certificate id to use for
non-SNI clients or none: def-cert
default srvrcert certificate def-cert is added to
group 1
(Select def-cert as the default
certificate)
>> Main# /cfg/slb/virt 1/service https
(Define the HTTPS service)
>> Virtual Server 1 443 https Service# group 1
(Associate the server group to be
used in that service)
>> Virtual Server 1 443 https Service# ssl
(Switch to the SSL menu under
HTTPS service)