
Cisco ACE - SSL Termination issues.

lquin1978
Level 1

We have a Cisco ACE set up for SSL termination, which is handling front end SSL for a backend web server (which provides front end access to a web application). Now when the ACE is set up with SSL termination you can get to the webserver and login and perform about 90% of operations within the application, but there are certain parts of the application that do not seem to work (certain menus don't work properly).

Now if we change to end-to-end SSL and place the cert on the web server all works fine.  Could someone offer some advice on where to start (and how) troubleshooting this?

Thanks

3 Replies

Francesco Casotto
Cisco Employee

Hello,

Are the same parts/menus/functionalities/pages always systematically failing?

I guess different issues could cause this kind of problem, but what comes to mind first is the possibility that the web application has some hardcoded links with the "http://" protocol in the URL that might stop working when the SSL termination happens on the LB, whereas possibly, when the SSL termination happens on the server, the web application is aware of it and the correct URLs are produced.

You can investigate the above hypothesis, and in general check what seems not to be working, with:

a packet capture on the client <- look if there is any attempt to connect to port 80

on the client browser you could use tools like:

httpfox for firefox <- it can tell you all the requests performed by your browser when loading a webpage, even through https

firebug for firefox <- similar functionality as above plus it will let you inspect the various parts of the webpage, you can use it to better identify the elements that are not rendering correctly on the page

Hope it helps,

Francesco

Thank you for your reply.  If the webserver does reply with tcp/80 links shouldn't the http rewrite take care of this?

Thanks again

Hello,

No, the rewrite happening on the ACE will only take care of the URLs provided in the "Location" header of the HTTP redirects, so basically only when your web application is issuing an HTTP 30x response pointing the client browser to open another URL.

If the web application returns a page that embeds in its body a link to an HTTP URL, this will NOT be rewritten by the ACE (the reason is that it would be quite computation intensive to (buffer and) parse the entire response content looking for URLs matching a regular expression and then rewrite them).

Hope it clarifies,

Francesco
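The distinction drawn in the reply above can be checked against captured server responses. The following is an added example, not part of the original posts and not Cisco code: it separates the `http://` URL a Location-only rewrite would cover from the ones embedded in the page body that it would leave untouched. The host name `app.example.test` and both sample responses are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action", "formaction"}
HTTP_URL = re.compile(r"http://[^\s\"'<>)]+", re.I)

class BodyScanner(HTMLParser):
    """Collect plain-http references to our own host found in the response body."""
    def __init__(self, host):
        super().__init__()
        self.host, self.findings, self.in_script = host.lower(), [], False

    def own(self, url):
        return (urlsplit(url).hostname or "").lower() == self.host

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if name in URL_ATTRS and value and value.lower().startswith("http://") and self.own(value):
                self.findings.append((f"<{tag} {name}>", value))
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # URLs assembled in JavaScript, e.g. for menus
            self.findings += [("inline script", u) for u in HTTP_URL.findall(data) if self.own(u)]

def audit_response(raw, host):
    """Separate what a Location-only rewrite covers from what it leaves untouched."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = dict((k.strip().lower(), v.strip()) for k, _, v in (l.partition(":") for l in lines[1:]))
    loc = headers.get("location", "")
    covered = [loc] if 300 <= status < 400 and loc.lower().startswith("http://") else []
    scanner = BodyScanner(host)
    scanner.feed(body)
    scanner.close()
    return {"location_header": covered, "body_not_rewritten": scanner.findings}

# Constructed sample responses (hypothetical host app.example.test), as sent by the backend.
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: http://app.example.test/home\r\n\r\n"
PAGE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        '<a href="http://app.example.test/menu/reports">Reports</a>'
        '<img src="/img/logo.png"><a href="http://other.example.net/">x</a>'
        '<script>var base = "http://app.example.test/ajax/menu";</script>')

if __name__ == "__main__":
    print(audit_response(REDIRECT, "app.example.test"), audit_response(PAGE, "app.example.test"), sep="\n")
```

Entries under `body_not_rewritten` are the links the application itself has to emit as `https://` or as relative URLs when SSL is terminated on the load balancer.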
