02-04-2009 03:57 AM
Hello,
I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?
In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.
BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.
Thanks for any help offered.
Murtaza
02-04-2009 05:24 AM
Murtaza,
you can only do that if you can decrypt the traffic and re-encrypt.
This is the purpose of SSL.
So, you need a CSM-S or a SSL Module or the ACE module.
Gilles.
02-04-2009 06:01 AM
Hello Gilles,
We do have a CSM-S but if I have understood you correctly we need to terminate SSL connection on the SSL-DC and create an HTTP one from CSM to the backend system.
This is more like SSL termination than redirect correct?
Thanks,
-Murtaza
02-04-2009 07:30 AM
you have to send the decrypted request back to the CSM which create a redirect, send it to the SSLM which re-encrypt and forward to the client.
Gilles.
02-05-2009 06:44 AM
Would you have a config example on how to do this on the CSM-S?
Thanks,
Murtaza
02-06-2009 02:51 AM
I don't have a config in hands for this.
I have done it before and know this is feasible.
The redirect is here :
Just change the vip to be only accessible by the SSLM.
Create the appropriate redirect vserver.
On the SSLM, send the decrypted traffic to the vip address and port.
Just as if the Vip was a server.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide