Yes, this is absolutely possible, and recommended! To accomplish this, you will need to configure the “protocol” as SSL and map it also to SSL on your servers (both probably on port 443). This ensures SSL is maintained between the client and your servers, while still allowing you to take advantage of our SSL acceleration, multiplexing, session reuse, WAF security and other features. (NOTE: SSL_PROXY and even plain TCP also allow you to have end-to-end encryption between the client and your servers, but do not allow for you to take advantage of any features because we cannot see the traffic since it is encrypted).
There are many advantages to installing the SSL certificate on our load balancing platform. True, many use it for full SSL offload, that is to perform SSL/443 between the client and the load balancers, but then convert it to HTTP/80 between the load balancers and the server. Full SSL Offload has the benefit of satisfying Google rankings, as an example, since they now prefer to see all websites encrypted, but it can also reduce the SSL load on your servers. Of course, we wouldn’t recommend this for an ecommerce or banking website. That would just be plain insecure. But full SSL Offload is not mandatory, nor is it necessarily recommended. You can still install the SSL Certificate on our server and take advantage of other features such as SSL acceleration, multiplexing, session reuse, WAF security and more. For example, you may want us to insert the X-Forwarded-For header into the HTTP headers so you can see the original client IP. This is not possible if we can’t decrypt the traffic stream (e.g. by using the SSL_PROXY or TCP protocols).
When Total Uptime can decrypt your SSL traffic, you can also take advantage of SSL multiplexing and session re-use too. For example, if you have 1000 customers using HTTPS to your website, we can terminate all of those connections on our load balancer and then proxy them over to your server still using SSL, but with far fewer connections. And, of course, SSL session re-use allows us to simply re-use an existing open SSL connection for a new client when the old one is done. This prevents the very CPU intensive operation of negotiating the SSL session.
Lastly, we hope it goes without saying, but if we can’t decrypt your traffic to see what’s inside, we can’t provide WAF protection either. So bottom line, it makes sense to use the SSL protocol, attach a certificate, and let us do what you pay us to do! We hope this answers your question and allays any fear that SSL Offload is mandatory when using the SSL protocol. If you have any questions, we’re here to help! Just reach out to us.