Re: SSL Termination or Passthrough

2017-02-18 Thread Sam Crowell
After looking at the config more on that page, I see this is termination with http traffic on the backend (which is what Willy said). So to keep it TLS the whole way to the back end I have to use TCP pass through. Thanks again, this has been informative. Sam On February 18, 2017 at 6:51:10

Re: SSL Termination or Passthrough

2017-02-18 Thread Sam Crowell
Thanks, this is what I was looking for. I could just call a reload of the LB with the PID whenever the CRL was updated by the cron. Is there a requirement to bind on 443 for this method or can I make it anything? Adding the header info with the details from the client will require a backend

Re: SSL Termination or Passthrough

2017-02-17 Thread Daniel Schneller
Damn. I shouldn't respond to questions after midnight :-(. I completely overread this is about client certificates until now. Sorry for missing that, Sam; and thanks Willy for the interesting link. One question comes up for me though, after reading it (unless I am still not awake enough, in

Re: SSL Termination or Passthrough

2017-02-17 Thread Willy Tarreau
On Fri, Feb 17, 2017 at 07:20:14PM -0500, Sam Crowell wrote: > Thanks for the response Daniel. What is the best way to handle SSL traffic > through a load balancer to maintain original client certificates? Just use > mode TCP and passthrough? Is there a way to do that without turning off >

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
lancer, but then send the original certificate to the backend server? I have seen plenty of notes and configs for SSL passthrough and SSL termination with re-encryption by the load balancer certificate. > > Even with passthrough, I still have to disable hostname verifier because the backend se

Re: SSL Termination or Passthrough

2017-02-17 Thread Daniel Schneller
ertificate pair with the client. There is no way around that. >>> >>> Regards, >>> Daniel >>> >>> >>> > On 18 Feb 2017, at 00:47, Sam Crowell <crowes...@gmail.com> wrote: >>> > >>> > Is there a way to do

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
Is there a way to do SSL termination at the load balancer, but then send the original certificate to the backend server? I have seen plenty of notes and configs for SSL passthrough and SSL termination with re-encryption by the load balancer certificate. > > Even with passthrough, I still hav

Re: SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
> wrote: > > Is there a way to do SSL termination at the load balancer, but then send the original certificate to the backend server? I have seen plenty of notes and configs for SSL passthrough and SSL termination with re-encryption by the load balancer certificate. > > Even with pass

Re: SSL Termination or Passthrough

2017-02-17 Thread Daniel Schneller
e load balancer, but then send the > original certificate to the backend server? I have seen plenty of notes and > configs for SSL passthrough and SSL termination with re-encryption by the > load balancer certificate. > > Even with passthrough, I still have to disable hostname verifier

SSL Termination or Passthrough

2017-02-17 Thread Sam Crowell
Is there a way to do SSL termination at the load balancer, but then send the original certificate to the backend server? I have seen plenty of notes and configs for SSL passthrough and SSL termination with re-encryption by the load balancer certificate. Even with passthrough, I still have