11.2.4.13. How to use SSL as a protocol for a Virtual Server¶
| Operation Confirmed Version: | |
|---|---|
| Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition | |
To use the SSL Offload function, you need a setting to create a Virtual Server that uses SSL, after linking the certificates introduced in “Method to link an intermediate certificate and a server certificate”.
Note
The Virtual Server in this title will indicate Virtual Servers setting portion.
Prepare
You need to be enable SSL Offload function. As a default, SSL offload function is disabled.
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] tab, then right click on question mark there and click [Enable Feature].
Presumed case for sample setting
Assume that we want to normally set up/create a Virtual Server (192.168.1.200) that uses SSL.
Configuration diagram
From the [ Configuration ] menu, move to [ Traffic Management ] → [ Load Balancing ] → [ Virtual Servers ]. After the Virtual Servers screen is displayed, click [ Add ].
Input as follows on the Load Balancing Virtual Server screen.
Setting Items |
Setting value |
| Name | www2 (any name) |
| Protocol | SSL |
| IP Address | 192.168.1.210 |
| Port | 443 |
| Traffic Domain | 10 (10 is mandatory) |
Input the set value and click [ More ].
Input 10 to [ Traffic Domain ] and click [ OK ].
The details screen of the Virtual Server will be displayed. Click [ No Load Balancing Virtual Server ServiceGroup Binding ] in [ Service and Service Groups ].
The Service Group Binding screen will be displayed. Select and click [ Click to select ] in [ Select Service Group Name ] section.
The Selection screen of Service Group will be displayed. Select a target service group and click [ Select ].
The Service Group Binding screen will be displayed. Check that the target Service Group is input in the [ Select Service Group Name ], and click [ Bind ].
The details screen of the Virtual Server will be displayed. Check that [ 1 Load Balancing Virtual Server Service Group Binding ] is displayed in [ Service and Service Group ], and click [ Continue ].
[ Certificates ] will be added to the details screen of the Service Group. Click [ No Server Certificate ].
The Server Certificate Binding screen will be displayed. Select and click [ Click to select ] in [ Select Server Certificate ].
Select [ example-IA ] on the SSL Certificates screen, and click [ Select ].
The Server Certificate Binding screen will be displayed. Check that [ example-IA ] is input in the [ Select Server Certificate ], and click [ Bind ].
The details screen of the Virtual Server will be displayed. Check that [ 1 Server Certificate ] is displayed in [ Certificates ], and click [ No CA Certificate ].
The CA Certificate Binding screen will be displayed. Select and click [ Click to select ] in [ Select CA Certificate ].
The CA Certificate Binding screen will be displayed. Select and click [ Click to select ] in [ Select CA Certificate ].
The CA Certificate Binding screen will be displayed. Check that [ example-CA ] is input in the [ Select CA Certificate ], and click [ Bind ].
The details screen of the Virtual Server will be displayed. Check that [ 1 CA Certificate ] is displayed in [ Certificates ], and click [ Continue ].
Click [ Done ] that is displayed in the lower side of the screen.
On the Virtual Server screen, check that the target [ State ] and the [ Effective State ] are [ Up ].
This completes the setting to use SSL as a protocol for Virtual Servers.