PCI requires that TLSv1.0 be disabled. If you’re using the SSL protocol on our load balancer to take advantage of SSL Offload and/or SSL Acceleration, you can easily disable TLS 1.0. You don’t necessarily need to disable this on your server, since communication between the load balancer and your devices is a trusted connection, but […]
We don’t support uploading certificate chains, Intermediate certificates or Root certificates to avoid duplication and save space on our load balancers. But we do have most of the common Intermediate chains already in our repository for your use. You can link/chain your existing SSL certificate to one of these Intermediates to ensure they are trusted […]
Yes, we absolutely do, and always have. Before we supported SNI, we recommended that clients with multiple domains on a single IP address use a SAN (Subject Alternative Name) extension certificate. To use one of these, simply attach it as a standard SSL certificate (that is, do not check the SNI box when attaching it). […]
Yes, you sure can. Single-sign-on is all the rage these days, and why not, it makes life a lot easier (and more secure) for users. We absolutely support load balancing ADFS through the load balancer. In fact, it is actually quite easy. The only port you typically need is 443 for your SSL traffic. If […]
Yes, we sure do. This fairly recent extension of the TLS protocol allows you to indicate which hostname is being contacted by the browser at the beginning of the handshake process. This allows a server to connect multiple SSL Certificates to one IP address and load the correct site or application for the user. Previously […]
Yes, absolutely. There are no issues using their SSL certificates on our platform for Load Balancing or the Web Application Firewall. In fact, we already have the Let’s Encrypt Authority Intermediate certificate loaded into our repository and ready for your use. You can upload certificates manually through our UI, or you can automate/script the entire […]
I want to install the SSL certificate on the Load Balancer and use the SSL protocol, but I don’t want SSL Offload. I want it to remain entirely encrypted between my client and my server. Is this possible?
Yes, absolutely. There are many advantages to installing the SSL certificate on our load balancer. True, many use it for SSL offload, that is to perform SSL/443 between the client and the load balancer, but then convert it to HTTP/80 between the load balancer and the server. This has the benefit of satisfying Google rankings, […]
When using SSL Offload, but with end-to-end encryption (so it is not really offload at all), do I need to install the SSL cert on both the load balancer and my server(s) at the same time?
The quick answer is that some sort of SSL certificate must be installed on your server(s) if you are not going to perform SSL Offload and want to maintain end-to-end encryption. But this doesn’t have to be the same SSL cert you install in the load balancer if you don’t want. It can be, and […]
How do I extract the SSL certificate from Microsoft IIS so it can be imported into the interface and used in Cloud Load Balancing.
There are a few steps involved to successfully export SSL certificates from Microsoft IIS. Essentially, it needs to be exported, run through openssl to separate the key from the cert and split into two files. The two files can then be loaded into the interface. If you already have a key and cert file because […]
The answer depends on what you are trying to accomplish. If you want to enable SSL Offload or SSL intercept so we can inject the source IP (client IP), then YES, you will need to use either the SSL or SSL_TCP protocol with port 443 AND upload and attach an SSL Certificate. If you do […]