   How to generate SSL CSR and enable SSL acceleration

WebMux supports SSL termination, offloading SSL encryption and decryption from the servers' CPUs. In addition, for L7 logic to work, the SSL-encrypted traffic must first be decrypted by WebMux so that the traffic can be inspected and directed correctly based on its cookie or URL.

For SSL termination to work, you will need SSL certificates created and signed by a CA (certificate authority), which has normally paid Microsoft or Google to have its CA root pre-installed in the IE or Firefox browser. Of course, you can self-sign your SSL certificate, which will have the same security level as a CA-signed certificate. However, a self-signed SSL certificate will cause the visitor's browser to pop up a window asking for confirmation.

This document illustrates how to create the SSL certificate request and how to install the CA-signed certificate in WebMux.

1). Here is how to create a CSR and how to create a farm using SSL termination.

From the main management console page, click on the SSL keys button:


Click on an unused key slot, for example "key 3" in the picture below (or you can delete the sample keys and go from there).


In the next page, select "use newly generated nnnn-bit RSA key" from the drop down menu above the private key box with the desired bit strength.


Click on the confirm button and you will be brought to the Certificate Request Generation page. Fill in the fields below and click confirm:


WebMux will display the Certificate Signing Request (CSR) based on the information you provided. The CSR contains your information and your public key. This CSR is to be sent to the CA. Please copy and paste it into a text file and keep a copy for safety. Do not click the confirm button until you have copied the CSR into a file and saved it, since WebMux does not keep this information.

The CA will sign your CSR and let you download the signed certificate. Since the CSR contains your public key, the signed certificate will only work with the matching private key generated in this step. A mismatched public key and private key will not work. To prevent mismatched key pairs, it is important to label your private key properly in the next step. Once you click the "Confirm" button, you will be brought to the next page:


The private key that matches the public key in your CSR is now in the private key text box. It is recommended to put a comment in the private key text box to identify the key slot and its status. If you add a comment to the private key, you need to select "use new private key pasted in" and then "confirm" so that the private key box is properly updated.

Once you have received your signed certificate from the CA, paste it into the certificate field. Be sure to include the -----BEGIN and END----- header and footer. You can import certificates in PEM format (the format generally used for Linux Apache). If you were given an intermediate certificate along with the certificate, you can paste it below the main certificate along with its own -----BEGIN and END----- header and footer. The order of the signed certificates in the certificate field is significant.
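
One way to confirm, before pasting, that the CSR and the signed certificate carry the same public key as the private key saved from the key slot. This is an added example using the openssl command-line tool on a workstation, not a WebMux feature and not from the original page; the file names are assumptions, and the keys, CSR and self-signed certificate it generates are constructed stand-ins for the real ones.

```shell
#!/bin/sh
# Print the SHA-256 of the public key inside a PEM private key, CSR or certificate.
# For a pasted bundle, openssl x509 reads only the first certificate in the file,
# which is where the main (server) certificate belongs.
pub_fp() {  # usage: pub_fp key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # Refuse to hash an empty result, or two unreadable files would "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 only if FILE (a csr or cert) holds the public half of KEYFILE.
same_key() {  # usage: same_key KEYFILE csr|cert FILE
    k=$(pub_fp key "$1") || return 2
    o=$(pub_fp "$2" "$3") || return 2
    [ "$k" = "$o" ]
}

# --- Constructed sample material (assumed names; stand-ins for the real files) ---
work=$(mktemp -d)                      # private directory, mode 0700
subj="/CN=www.example.test"
openssl genrsa -out "$work/slot3.key" 2048 2>/dev/null   # key from "key 3"
openssl genrsa -out "$work/other.key" 2048 2>/dev/null   # key from another slot
openssl req -new -key "$work/slot3.key" -subj "$subj" -out "$work/slot3.csr"
# Self-signed here only so the example runs offline; normally the CA returns this.
openssl req -x509 -new -key "$work/slot3.key" -subj "$subj" -days 1 \
    -out "$work/slot3.crt"

for k in slot3 other; do
    if same_key "$work/$k.key" cert "$work/slot3.crt"; then
        echo "$k.key: matches slot3.crt"
    else
        echo "$k.key: does NOT match slot3.crt"
    fi
done
```
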


Now from the "modify farm" screen, you can select the SSL key slot to be used for SSL termination. Please note that after SSL termination, the traffic between WebMux and the servers is not encrypted. For the web server, that is HTTP only. If your farm was HTTP/HTTPS before, you will need to recreate the farm using the "service" HTTP - hypertext transfer protocol (TCP), so that the SSL termination logic has a chance to listen on the SSL port (otherwise, the port would be used twice and cause a conflict). Then select the key slot from the "SSL termination" drop-down menu and click confirm.


Your farm should now show the port 80 (443). The 443 inside the parenthesis means the WebMux is configured to do SSL termination for that farm.


Is this easy to do? Have fun with WebMux!

Copyright © 1987- CAI Networks, Inc. Copyright © 1998-2000 Red Hill Networks, Inc. All rights reserved.