If you’re attempting to create a certificate key-pair and have received the message shown below, there is usually one common remedy: The remedy is to run your key through OpenSSL using the RSA key processing tool to change it to the traditional SSLeay compatible format. And yes, to immediately answer our critics: we do support […]
PCI requires that TLSv1.0 be disabled. If you’re using the SSL protocol on our load balancer to take advantage of SSL Offload and/or SSL Acceleration, you can easily disable TLS 1.0. You don’t necessarily need to disable this on your server, since communication between the load balancer and your devices is a trusted connection, but […]
We don’t support uploading certificate chains, Intermediate certificates or Root certificates to avoid duplication and save space on our load balancers. But we do have most of the common Intermediate chains already in our repository for your use. You can link/chain your existing SSL certificate to one of these Intermediates to ensure they are trusted […]
Yes, we absolutely do, and always have. Before we supported SNI, we recommended that clients with multiple domains on a single IP address use a SAN (Subject Alternative Name) extension certificate. To use one of these, simply attach it as a standard SSL certificate (that is, do not check the SNI box when attaching it). […]
Yes, you sure can. Single-sign-on is all the rage these days, and why not, it makes life a lot easier (and more secure) for users. We absolutely support load balancing ADFS through the load balancer. In fact, it is actually quite easy. The only port you typically need is 443 for your SSL traffic. If […]
Yes, we sure do. This fairly recent extension of the TLS protocol allows you to indicate which hostname is being contacted by the browser at the beginning of the handshake process. This allows a server to connect multiple SSL Certificates to one IP address and load the correct site or application for the user. Previously […]
Yes, absolutely. There are no issues using their SSL certificates on our platform for Load Balancing or the Web Application Firewall. In fact, we already have the Let’s Encrypt Authority Intermediate certificate loaded into our repository and ready for your use. You can upload certificates manually through our UI, or you can automate/script the entire […]
I want to install the SSL certificate on the Load Balancer and use the SSL protocol, but I don’t want SSL Offload. I want it to remain entirely encrypted between my client and my server. Is this possible?
Yes, this is absolutely possible, and recommended! To accomplish this, you will need to configure the “protocol” as SSL and map it also to SSL on your servers (both probably on port 443). This ensures SSL is maintained between the client and your servers, while still allowing you to take advantage of our SSL acceleration, […]
When using SSL Offload, but with end-to-end encryption (so it is not really offload at all), do I need to install the SSL cert on both the load balancer and my server(s) at the same time?
The quick answer is that some sort of SSL certificate must be installed on your server(s) if you are not going to perform SSL Offload and want to maintain end-to-end encryption. But this doesn’t have to be the same SSL cert you install in the load balancer if you don’t want. It can be, and […]
How do I extract the SSL certificate from Microsoft IIS so it can be imported into the interface and used in Cloud Load Balancing.
There are a few steps involved to successfully export SSL certificates from Microsoft IIS. Essentially, it needs to be exported, run through openssl to separate the key from the cert and split into two files. The two files can then be loaded into the interface. If you already have a key and cert file because […]